Well this is a blast, my poorly website is being hammered with brute force attacks, coming in mainly from the XML-RPC facility on WordPress.
- I know this because ‘Limit Login Attempts’ is logging them.
Limit Login Attempts Reloaded: Limit the rate of login attempts, including by way of cookies and for each IP address.
Fifteen in the last 10 hours on 17/12/2018, with all of them being logged out after 2 failed attempts, but strangely enough, several of the blocked IPs are having another go an hour later.
{ Huff! }
- But being as ‘Xng1px’ is my weird WordPress-created username, I feel quite confident that they’ll never even get it, to then begin the nasty hacking process.
I’ve tried (unsuccessfully) to install a plug-in that hides my login /wp-login.php file, with all sorts of problems with me trying to log back in. It is the way to go, but it’s not that easy to implement.
Update:- 23-08-2020. The venerable plugin that I was vainly attempting to use back then was called WPS Hide Login, and several others were reporting the same issues that I had. Now, that’s not to say it’s a bad plugin, it’s just fiddly for the novice, especially if your .htaccess file is incorrectly set up.
Hummmm! – The one I’m currently trying out is called Webcraftic, and touch wood, I can still log into my site, but the wp-login.php file has been renamed. So that should kill off the shitty-web-bot cruisers, cruising the lanes for an open hole to play inside.
Webcraftic Hide login page: Hide wp-login.php login page and close wp-admin access to avoid hacker attacks and brute force.
Continued:-
From the log that Limit Login Attempts creates, I can see that well over 50% of the traffic was coming in on the XML-RPC channel (that I don’t use), so in one foul stroke I’ve eliminated them by installing a rather neat plugin called ..
Manage XML-RPC: Enable/Disable XML-RPC for IP specific control and disable XML-RPC Pingback method.
It happily turns off * ALL * of the XML-RPC traffic, including ping-backs (but only if you want that sharing feature disabled).
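The same picture can be cross-checked from the web server's own access log, independently of any plugin. The following is an added example, not part of the original post: it tallies login-capable POSTs by endpoint, reports the XML-RPC share, and lists IPs that come back after a lockout. The log lines are constructed, the combined log format is assumed, and the 20-minute lockout is an assumed value, not one stated in the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Dec/2018:08:01:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Dec/2018:08:01:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.23 - - [17/Dec/2018:08:30:40 +0000] "POST /wp-login.php HTTP/1.1" 200 1822 "-" "Mozilla/5.0"
198.51.100.23 - - [17/Dec/2018:08:30:44 +0000] "POST /wp-login.php HTTP/1.1" 200 1822 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Dec/2018:09:05:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
192.0.2.99 - - [17/Dec/2018:09:10:00 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [17/Dec/2018:09:40:31 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOGIN_PATHS = {"/xmlrpc.php", "/wp-login.php"}  # endpoints that accept credentials

def parse(log_text):
    """Yield (ip, timestamp, path) for POSTs to the login-capable endpoints."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        ip, ts, method, url, _status = m.groups()
        path = url.split("?", 1)[0]  # ignore any query string
        if method == "POST" and path in LOGIN_PATHS:
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def summarize(log_text, lockout=timedelta(minutes=20)):  # lockout length is assumed
    """Return (per-endpoint counts, XML-RPC share, IPs seen again after a lockout)."""
    by_path, seen = Counter(), defaultdict(list)
    for ip, when, path in parse(log_text):
        by_path[path] += 1
        seen[ip].append(when)
    total = sum(by_path.values())
    xmlrpc_share = by_path["/xmlrpc.php"] / total if total else 0.0
    # An IP "returns" if two consecutive attempts are more than one lockout apart.
    returning = sorted(
        ip for ip, times in seen.items()
        if any(b - a > lockout for a, b in zip(sorted(times), sorted(times)[1:]))
    )
    return by_path, xmlrpc_share, returning

if __name__ == "__main__":
    counts, share, returning = summarize(SAMPLE_LOG)
    print(dict(counts), f"xmlrpc share={share:.0%}", "returning:", returning)
```

Run against a log taken after XML-RPC has been disabled, the `/xmlrpc.php` requests still appear, so check the status codes alongside the counts to confirm they are being refused.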
I feel quite confident that I’m finally beating the spammy fuckers ..
Thanks for reading, Jessica: Praise be the ORI.
Update:-
I’ve cured my spam issues literally overnight by installing ‘wpDiscuz’, and also kicked the living shit out of the [Brute Force Logins] with ‘Manage XML-RPC’.
All in all, .. I’m well impressed.
Thanks for reading, Jessica: Praise be the ORI.