According to WordPress security firm – Wordfence, The number of WordPress brute force attacks has more than doubled following a recent number of daily attacks & daily IPs involved.
Usually we see an average of around 13,000 unique IP’s attacking each day. We’re currently seeing over 30,000 unique attacking IPs and this is continuing to increase
Of these, over 1.65 million came from an unknown ISP named Pp Sks-lugan, for which there’s almost no information available through Google. In fact, most of the information returned by Google is about abuse reports and security related incidents.
The simplest way to prevent brute-force attacks is to install a WordPress firewall plugin. If you don’t run WordPress, there are generic Web Application Firewall services or tools you can use.
If you use WordPress, another trick is to use plugins that hide your admin panel URL, so attackers can’t connect to it. Some of the plugins that allow you to do this are WP Admin Block, HC Custom WP-Admin URL, Protect Your Admin, Custom Login URL, and WPS Hide Login. WordFence, who provides a free and paid version of a WordPress security plugin, was able to gather details about the source of these attacks.