I was checking the Awstats of one of my Wordpress websites and I noticed that the /wp-login.php was accessed 497 times in February. Does this mean that someone (or a bot) was trying to guess my WP login details for this website? I certainly didn't access the WP login page 497 times myself. In February (this month) I logged into my WP admin panel of this website maximally 5 times.
I would not worry too much. Keep plugins and wordpress on latest version. There is a forum member ~~~~ who says she will secure your wordpress site for free. I cant post links yet since I am new here, but you will find her here http://forums.digitalpoint.com/member.php?u=82523 .
hey i will suggest you to change your login url as early as possible... default login page for any wordpress login page is wp-login.php. It is easy for some one to crack your password using brute force attack ( trial and error ) . Try to search plugin that will change your login url..
Block the URL in your robots.txt file. It's prolly robot's using the default URL to try to register on your blog. I won't worry about this that much.
I have just noticed on one wordpress website which I manage: February hits on wp-login.php: 149 ; in 29 days March hits on wp-login.php: 1317 ; in 8 days I am also thinking of taking evasive action...
There is a WP plugin that will lock you out after set number of failed login attempts and collect IP address associated with failed logins so you can ban it. It's called "Login LockDown" Also you should change your admin login name from "admin" to more secure name, There are also plugins that will hide your wp-login page by renaming it to something only you know, it's called "Stealth Login" For more tips how to secure your WP go here :http://www.askfrank.net/how-to-secure-wordpress-blog-from-being-hacked-2012/
You may want to checkout the Bulletproof Security plugin which will create .htaccess files to prevent access of certain files and directories by non-authenticated users.