About two weeks ago, a bunch of script kiddies decided to point their automated tools at my WordPress site. Fortunately, I have iThemes Security which locks out accounts. But, they figured out my original login and just kept hammering it which caused my account to lock out for another hour until it was going to be seven days before I could log in again.
Even after fixing that, I'm still getting constant attempts to break into the systems from a stunning number of different sites. Which kind of annoys me. Because WordPress is so easy, it is easy to write a tool to try logging into the account and then just keep hammering it until something break. It doesn't matter that my passwords look like line noise, they are still trying.
Trying things out
One of the things I did with the Sand and Blood and Fedran websites was to try a Jekyll-based site. Actually, I'm creating a hodgepodge setup that uses Perl, Python, Jekyll, and a number of other things that work the way I like to.
I like static sites. It is really hard to break into an HTML page. Plus they are really fast. Since I'm on shared hosting, my WordPress sites are getting slow the last few months.
The drawbacks is that I have to generate them somewhere. My laptop works well enough, but it is one additional step above just logging into a site and "doing things." It also won't work for SMWM and others who don't need to know the little details.
I'm tried of the attempts to break in, but I can't get rid of it entirely. So, I'm going to change most of the sites to a static one and just leave the dynamic sites for those who need it.
Not sure when I'm going to do this, but I'm getting tired of the emails.