[Mike Gwilliam]

My web site came under a hacking attack continuously yesterday for around an hour. Luckily all was ok though as the security plugin kept blocking out the attempts until it gave up. The attack was probably automated as it was using the username admin.

If you have a Wordpress site, ensure you version and plugins etc are up to date. Having it backed up is most important. Also use a security plugin which will block the user from logging in after 10 failed attempts (some are set to 50 by default I think).

A good article here why web sites get hacked from a while ago:

With last month’s major hacking attack on WordPress sites, I thought it would be appropriate to discuss website security. While the attack was focused on WordPress, it could just as easily happen to any content management system such as Drupal or Joomla.

http://www.katalystcreativegroup.com/blog/136-why-would-anyone-want-to-hack-my-site.html

[Ian Harper]

Mike great heads up.

I track all my visits and block any from outside UK, this helps a little, it also helps with adwords block that "mothers" that cant make up their minds. you can do it within your google account that just will not show your advert to them any more.

BTW there is a new one where people link to your site, dont fully understand how this one works but its an issue with google.

[Mike Gwilliam]

There is something where you can change your WP login page from www.thisismysite.com/wp-admin to www.thisismysite.com/somethingelse. Like you put something else as your WP login

So what you are in fact doing is changing your Wordpress admin login from the usual Wordpress admin page to something that the casual/usual hackers won't usually find out unless they are determined.

I did this just after the attack and hey ho......I have not had one visit from Beijing, China, Russia or India. I just checked my stats today. This is quite significant and illustrates that spammers and hackers do actually look for wp-admin.