Too Many Login Attempts

Hi – I’m a long term lurker on these forums and have found many a solution here. Thanks to all the forum members who have posted so many answers. Today I have a question that I can’t find an answer to though, so I finally got around to registering.

I seem to be under some sort of brute force attack.

My admin account doesn’t have the default username, but it does use the user_id 1 (which I’m realising probably isn’t the best idea). I’ve just created a new admin user with a different name and a different user_id and will be disabling the existing one as soon as I’ve established that my new admin account is working properly.

The existing admin account is almost constantly locked out due to ‘too many failed login attempts’. I’m using Bullet Proof Security plugin.

The strange thing is that user_ids 2 through 6 are also locked out, but no other accounts (I’m not going to disclose the exact number but there are hundreds of accounts). The attempts are coming from a variety of IP addresses, but there is a pattern forming – the attempts all come from one IP address for a short period of time, then switch to another one.

To log back in each time, I have to go into the database and change the user account to ‘Not Locked’ in one of the BPS tables.

The issue started mid January and has continued for over a week.

Is anyone else experiencing this?

Have you been able to trace this to something other than a brute force attack?

Is it possible that the attack is using the user_id instead of the user name to login?

I think I’ve got around the issue for the moment – hiding the admin account at a completely random user_id should alleviate the issue for a while at least, but I’m looking to see if this is a common issue and what might be able to be done longer term.