By default WordPress lets anyone just gather up a list of all the usernames on your server, so of course there's some patient-ass bot out there that gets all the usernames and tries every 15 minutes to break in from different IP addresses. A tortoise brute force approach.
I shouldn't have to download a plugin to fix this. It's basically like the default install tapes a target right onto your back.
@lawremipsum how on earth is wordpress still this awful lmao??? it's almost 20 years old!!
@lawremipsum what's the plugin that stops it 👀
@iosefmann wpf2b can but the docs on how to configure the free version to do it are deliberately obscure. I'm using https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/
@lawremipsum there are a lot of password stuffing bots out there, I even get wp-login.php requests in access logs on my decidedly non-WP server
A community centered on the Twin Cities of Minneapolis and St. Paul, Minnesota, and their surrounding region. Predominantly queer with a focus on urban and social justice issues.