Title: Alexander's Replies | WordPress.org

---

# Alexander

  [  ](https://wordpress.org/support/users/nosoft/)

 *   [Profile](https://wordpress.org/support/users/nosoft/)
 *   [Topics Started](https://wordpress.org/support/users/nosoft/topics/)
 *   [Replies Created](https://wordpress.org/support/users/nosoft/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/nosoft/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/nosoft/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/nosoft/engagements/)
 *   [Favorites](https://wordpress.org/support/users/nosoft/favorites/)

 Search replies:

## Forum Replies Created

Viewing 1 replies (of 1 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Remote attack try login as admin and upload themes](https://wordpress.org/support/topic/remote-attack-try-login-as-admin-and-upload-themes/)
 *  Thread Starter [Alexander](https://wordpress.org/support/users/nosoft/)
 * (@nosoft)
 * [13 years ago](https://wordpress.org/support/topic/remote-attack-try-login-as-admin-and-upload-themes/#post-3801408)
 * They try login calling wp-login.php with username admin and different passwords.
   I write all calls to wp-login.php to analyse them. All without password (only
   count password chars): $_SERVER,$_GET,$_POST,$_COOKIE,$_SESSION,$_FILES (not 
   needed here).
    These tries are possible 50 on a day. I thing from some server
   and is not only to this site, but to many. Search “wordpress 94.242.237.115” 
   and you will find results for mass WordPress attacks. Calls uploaded before .
   php files was from different IPs. Analyse hack is best way to prevent future 
   hacks. I fixed sites after hacks some times. Most hacks use set somewhere eval(
   s) + base64_decode (to be short and not easy to find).

Viewing 1 replies (of 1 total)