Over the last few days, we have noticed increasing accesses to the wp-login.php page of WordPress installations.

The attacks are not isolated, and come from many IP sources indicating that its a bot or an automated attack. In one case, we logged a total of 550 IP addresses in a 20 minute time span.

To prevent your wordpress site from getting hacked by this method, you should follow the below steps:

• Dont use “admin” as the username for the administrator account
• Dont use simple passwords. Always make your password a mix of letters, numbers and symbols
• Install the “Limit Login Attempts” plugin, so that after a number of failed login attempts, the attacker’s IP address is blocked.

Doing the above three things will substantially make it harder for a hacker to crack your WordPress password. Also, please keep your WordPress installation up to date. As of right now, the latest stable version is 3.6.