Search My Blog

Tuesday, May 13, 2014

Bots and Script Kiddies - /wordpress/wp-login.php


So, on a whim, I went to clean up my sites log files. I have not done any clean up in a few years..... much less site postings or updates.... I'm too busy with my kids after work to do much research and posting after work these days.

Before purging them, I went and looked at my page stats for 2014. I was surprised to see the large volume of hit against the Wordpress login page. (I never renamed it or installed any Wordpress CAPTCHA tools to mitigate attack). I don't normally update my Wordpress site, it's more of a placeholder and traffic vehicle for LinkedIn and my Blog. It only has two pages, but the bots and script kiddies have found it and are vigorously running their standard dictionary attacks against it.....  1000's of hits per month. I know my password is decent :-).....  and please don't take this posting as a challenge. The password is decent... however... Wordpress is an older version. Folks would have better luck via that attack vector.... maybe I should go ahead an update to a newer version....