So it has been about a fortnight now since I set up a WordPress site for the scouts.   Now in that time I have blocked 3 IP addresses for trying to guess user passwords.  Now this i kind of expect there are a lot of botnets out there to try that sort of thing.

What intrigues me is how they worked out it was a WordPress site quite so quickly, and why the cracking code is not optimised to not fall foul of the standard systems that WordPress comes with to block such attacks.*  Also who sets up accounts with the names: admin, manager, root.

Then again if you have a very large botnet at your disposal then you don’t have to be that sophisticated, eventually you will beat someone.

* Ok, I accept that there probably been a lot more attempts than 3, and some of them may have been smart enough that they have remained undetected.