I’m seeing the same thing and was getting ready to post a question about it.
I’m not overly alarmed since WF IS blocking them – but it’s been going on for over a week now on one of my sites that is NOT a high traffic site …
First it was “admin”, now it’s “test” but the more peculiar thing is they are trying to login at the following: http://mydomain.com/wp-admin/admin.php?page=Wordfence
I’m wondering why they are on THAT page link and then trying to login (although I do have measures in place that will bounce them if they try to go to the normal login address).
Bcr8tive~
-
This reply was modified 9 years, 4 months ago by
bcr8tive.
Hi,
This could be a bad bot that has some bugs in fetching the “login” username or the login URL that could be involved in a brute-force attack on your website.
However, since you mentioned that these attacks come from all over the world, it’s worth to try testing this out yourself by using any invalid username, make sure to use a VPN connection or your cellphone while trying this one, so you don’t lockout yourself and just in case this happened, you will find this link helpful.
Thanks.
Thread Starter
pgb
(@pgb)
Thank you very much, that’s very helpful.