I’ve had a steady flow of login attempts reported while this plugin has been installed on two different servers with wordpress installations. Similar invalid usernames and number of attempts for semivalid usernames. This has gone on for almost a year.
What does not make sense to me is that one site is a non-published site that only 3 people in the world know about. The only common factor is that this plugin is installed on both sites. Are these attacks real? If so, how come the attacks so closely resemble each other?
Anyway, tonight I loaded Wordfence on both server installations and ran full scans. Nothing out of place. All good result. And now the Limit Login Attempts plugin is uninstalled and deleted from both to see if the constant level of illegal logins continue.
