Hello @eranfeit,
Thanks for reaching out and for sharing the details.
Just to clarify a few aspects of our plugin: what you received is the weekly summary email – it aggregates all login activity and failed login attempts for that period. The large numbers don’t mean it happened all at once, but rather that the plugin counted all those attempts during the past week.
The plugin did its job in surfacing what happened over the span of last week, so if you want to dig deeper, you can open the Activity Log page in your dashboard. There you can see the exact times, usernames, and IPs for each attempt. In particular:
- Event ID 1002 is logged when an existing user tries to log in with a wrong password.
- Event ID 1003 is logged when a non-existing user tries to log in.
Checking those events will show you which usernames were targeted and when the attempts happened, along with user agents and IP addresses. I am confident this should help find patterns useful in clarifying vulnerable/exposed site user accounts etc.
What you’re seeing is therefore clearly not a bug – and if I have to judge (even though with limited site knowledge) these numbers are typical of brute-force bots scanning WordPress sites.
To reduce or avoid them, you can:
- Add a CAPTCHA to the login forms if you haven’t already.
- Change the default login URL to something custom.
- Keep monitoring the Activity Log to see if the attempts persist and if you can spot patterns which can help you decide what other security measures you can implement. Your hosting would surely help on that matter as they usually encounter such cases often.
I hope the above clarifies the question; however, do let me know how things progress and/or if you have additional questions!
Have a wonderful day ahead!
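
The pattern-hunting suggested in the reply above (Event IDs 1002 and 1003 grouped by username, IP and time) can be sketched as follows. This is an added example, not part of the reply and not the plugin's own code; the CSV layout, column names and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names are assumptions for this example,
# not the plugin's real export format; IPs come from documentation ranges.
# The last row (9999) stands for any other event type and must be ignored.
SAMPLE_CSV = """event_id,timestamp,username,ip,user_agent
1002,2024-05-06T02:14:07,admin,203.0.113.10,python-requests/2.31
1002,2024-05-06T02:14:09,admin,203.0.113.10,python-requests/2.31
1003,2024-05-06T02:14:11,test,203.0.113.10,python-requests/2.31
1003,2024-05-06T02:14:12,wpadmin,203.0.113.10,python-requests/2.31
1002,2024-05-07T09:30:00,editor1,198.51.100.7,Mozilla/5.0
1003,2024-05-08T11:02:44,administrator,192.0.2.55,curl/8.5.0
9999,2024-05-08T11:05:00,editor1,198.51.100.7,Mozilla/5.0
"""

FAILED_EXISTING = "1002"   # wrong password for an existing user
FAILED_UNKNOWN = "1003"    # login attempt for a non-existing user


def summarize_failed_logins(csv_text, spray_threshold=3):
    """Group failed-login events by username, source IP and hour."""
    existing = Counter()           # real accounts that were targeted
    unknown = Counter()            # guessed names that do not exist
    per_ip = Counter()
    per_hour = Counter()
    names_by_ip = defaultdict(set)

    for row in csv.DictReader(io.StringIO(csv_text)):
        event = row["event_id"].strip()
        if event not in (FAILED_EXISTING, FAILED_UNKNOWN):
            continue  # skip every other event type
        user = row["username"].strip().lower()
        ip = row["ip"].strip()
        (existing if event == FAILED_EXISTING else unknown)[user] += 1
        per_ip[ip] += 1
        per_hour[row["timestamp"][:13]] += 1   # bucket as YYYY-MM-DDTHH
        names_by_ip[ip].add(user)

    # One IP cycling through many different usernames points to a bot
    # working from a wordlist, not a user who forgot a password.
    spraying = sorted(ip for ip, names in names_by_ip.items()
                      if len(names) >= spray_threshold)
    return {"existing": existing, "unknown": unknown, "per_ip": per_ip,
            "per_hour": per_hour, "spraying_ips": spraying}


if __name__ == "__main__":
    print(summarize_failed_logins(SAMPLE_CSV))
```

Names that appear under `existing` are real accounts and are the ones to prioritise for strong passwords and closer monitoring.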