We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots.
Whether the login attempt comes from a bot or a human, the most common attempt for an exploit is to use the username “admin”. WordPress used to install the default admin account with the username “admin”. Fortunately, it no longer does this so you don’t have to delete the account to create a more secure admin account. But unfortunately, a great many people still create admin accounts with “admin” as the username.
An ounce of prevention is worth a pound of cure, so your best initial defense is to not have obvious usernames for administrative users. But a good second line of defense is to create a honey pot for the login form.