Wordpress Security / Brute Force / Proxies question

[loanuniverse]

It seems as if someone is trying to brute force my wordpress login. I am not so worried about it because the strength of my password. I also have security in place that locks the ip out after a couple of errors, but I was wondering..... If they are using a proxy, will they run out of ips? I am more concerned about my site slowing down if they get several machines rather than them actually breaking in.

91.224.160.35 lockout
99.128.101.225 lockout
24.199.189.66 lockout
212.183.165.15 lockout
217.128.175.91 lockout
81.202.44.26 lockout
93.160.220.14 lockout
83.165.194.24 lockout
80.59.98.59 lockout


Also can you guys give me some insight about these ips... I checked a couple and they seem EU based, but other than that I do not know much about them.

[monty]

Seems like most of the usual ways to protect your WP install wouldn't work here.

I would investigate either just having the wp-login.php being only accessible to your own IP (if you have a static IP) or for the mean-time just block everything trying to access wp-login.php .

[loanuniverse]

Yeahh, I might have to fiddle with the .htaccess file. Just got to figure out the ips of the computers that I sometime use for updating the site.

[monty]

A clever way of implementing the blocking rule when you have multiple computers, IP addresses etc, that I once read, is to allow access to wp-login.php only via a link on an obscurely named static HTML page (which only you know).

Checked on Google to find where I read this, and you can read the original post here.