8Dweb wants to share some tips to website owners to help YOU find and mitigate brute-force attacks on your WordPress admin login.
Be SURE to view your error and transfer logs for your site through the SiteWorx Control Panel
Look for wp-login.php in the access log, usually in groups of a handful of attempts, often from different but similar IPs. Keep in mind your IP will have wp-login.php entries - don't block that. To check your IP you can use http://fetchip.com
Remove your admin user - rename it to something LONG. Reset your admin password.
Change your database prefix
Install and configure Better WP Security - OR purchase our WordPress Security Package and we will do ALL of this for you.
Add this code to your .htaccess file in the ROOT of your site or in the wp-admin folder, change ?.example.com to YOUR domain - such as ?.8Dweb.com in the 5th line below. We have reports that the attack has been modified to overcome this now...: