Periodically, giant waves of comment spam or log-in attempts with incorrect credentials hit this blog. I have my own emergency services that take care of most of them. Those that get through need special treatment: outright blocking of a single IP address or whole blocks of IP addresses. Recently, the IP address 126.96.36.199 has been the source of such attacks. After blocking it, my software counted 2990 blocked attempts within a couple of days. Who knows how many other attempts there were from addresses within the block – none got past my gatekeeper. Trying to get to the bottom of this, I found out that the origin was a Russian service provider. The registered person, however, was a Toussaint Desaulniers (is that made up, I wonder) at 57, cours Franklin Roosevelt in Marseille. And the registered phone number has a German country code: +49 0 9401 784 003. I was intrigued and wanted to find out if the address was in existence. It was, although the store front to which it belongs does not look very confidence instilling.
Especially for independent WordPress installations it is really essential to have no administrator username like “admin” (the default WP administrator name), “administrator”, the domain or parts of the domain, or your personal name. Changing the default administrator username is the first step you should take after installing WordPress. You also should run one of the plug-ins that protect you against the worst (make yourself knowledgeable about the packages offered). And finally, always make sure that WordPress itself, your theme, and any plugins you have are up-to-date. Update your installation religiously.