There is brute force attack on almost every WordPress based website. The frequency can be more or less but it usually happens with most of the sites (unless you are hidden from search engines or your site is published privately without the world knowing it.

The best way to look for such attacks and curb them is to install a plugin to stop brute force attack on WordPress sites. Wordfence do it well and here is screenshot of the monitoring email address which gets a notification every time someone tries to get nasty with your websites.

To protect your site, you need to install Wordfence and configure it with the following parameters which instantly blocks any ip trying to log in with invalid username. You can set the time and parameters according to you but an idea setting could be this.

%d bloggers like this: