I see a lot of brute-force attempts made to my site lately. In fact, the unsuccessful login attempts using the “admin” user id are increased by 300 fold. My preliminary investigation showed that all of the offending systems are running Linux. Compromised systems include online retailers, academic institutions, and individuals.
Upon investigating offending hosts, I realized that they ran Parallel’s Plesk, Mysql, nginx or Exim (or combination thereof). Not surprisingly, major security vulnerabilities found on all of these systems in 2014. This goes to show that the security is still not a priority for some hosting providers and organizations. I don’t know how badly these systems are compromised, but for now they are being used to attack WordPress sites.
You can protect yourself from this type of attacks by installing iThemes Security plug-in. This plug-in would guide you how to secure your site from brute-force attacks and among others.