It has recently been reported that WordPress blogs are being attacked by a Brute-Force campaign.
A Brute-Force attack happens when a malicious individual creates an automated script with the sole purpose of guessing your administrative password. It does this by pointing the script at your blog’s login URL: http://yourblogsdomain.com/wp-login.php. The script repeatedly guesses at your login name and password from a dictionary of commonly used usernames and passwords.
Here is an explanation from the post linked above:
The wp_brute_attempt() function takes 3 parameters, $ch which is cURL’s structure (cURL is a command line tools that can be used to perform HTTP requests). The other two parameters define the site and the password that will be tried. If the script logged in successfully, the page that gets returned by the server will contain the phrase “Log Out”, and the function will return a true value.
If you are currently running a WordPress blog and would like to secure your site against these attacks, the easiest thing to do is to simply change your admin username and to make sure you have a strong password in place.
If you would like assistance securing your site against this attack, FullThrottle is available to help. Simply contact us for more details.