For years we thought cyber attacks are just legends and occurs only on big sites.

The only protection we had, was this easy plugin which locks IP after too many login attempts.

 

 

We didn’t really pay attention to those lockouts. Recently we noticed 15 login attempts with non-existing users from large range of IP addresses.

Somebody started to scan our site for possible login – pass combinations. It started to be more interesting. We decided to try Cerber.

 

 

Now we had view at all activity on our site. The most strange thing we noticed, were multiple login attempts through XMLRPC gate.

 

 

After blocking this gate, some more strange things occured. It looks like hackers have some kind of list of bad-written plugins, which can be used to access private settings of our site.

We didn’t even installed those plugins!

 

 

They even tried to scan possible user names.

 

Non of them exist! Nice try, hackers. You only waste your time.