Possible Security Breach

I wouldn’t say it’s a security breach necessarily. Bots randomly attempting to log in with simple passwords is a common thing for almost any website.

If you’re using a strong password (something that is not a single word or a common piece of info for yourself), you really have nothing to worry about.

You might want to try using this plugin: https://www.ads-software.com/plugins/limit-login-attempts/

Also, you could add two-factor authentication, so that you know no matter how many times they try, they won’t get in without your phone: https://www.ads-software.com/plugins/google-authenticator/

Here are some great precautions that you can take without plugins too: https://codex.www.ads-software.com/Hardening_WordPress

There are other security plugins to try out there, and just as many experts say they’re necessary as say they are not. Suspicious activity is part of being online these days, it’s a sad truth. As long as they can’t get in, you’ll be just fine. ??

While Limit-Login attempts, will lockout any multiple incorrect password attempts, it will not put a stop to them.

Here is what you need to do.

1. You need to change the name of default login ID “admin” to something else. Every WP site has default login named “admin”. And when someone enters admin and incorrect password, it gives a error message “The password for login ID admin is incorrect” – which gives away the fact that there is indeed a “admin” named user id present.
2. You need to remove any admin access to ID number 1.
3. To keep login page secured, so that boths or random hackers cannot see the default /wp-admin login screen, you need to change the default /wp-admin login to something else such as https://www.yourdomain.com/cryptologin or any other you want. Every default WP installation has /wp-admin as a login page.

While these are few precautionary measures which can be done manually, there are others such as blocking access to htaccess file, protecting your directory structure from being seen and that the source code of your page tells anyone that you are using WordPress and lists all the plugins uses, who might then use any known vulnerabilities.

Look for a a security plugin called iThemes security. It does all of the above, and I use it myself with a couple of other plugins(Wordfence & antivirus) to cover all areas.

Thank you for your suggestions. I feel better knowing that it may just be random attempts at accessing.

I will implement these suggestions soon. I will close this thread afterwards so that I can give one status update before it is closed. Thanks again to both of you

You’re welcome! ??

So what I did was that I updated my WordPress and added iThemes. In iThemes, I started some features, but now my website is down. Anything I can do to get it back?

https://www.stemcellrevolution.com

The connection times out, and I need this to up and running as soon as possiblle

It looks like maybe your server is down. You should cotact your hosting provider ASAP.