Soooo…..all of a sudden all of my client sites running on WordPress (on the same server) are timing out.
I called our managed VPS provider, WiredTree, to see what was up. I got lucky because the problem was intermittent, but it was occurring at the very moment I got thru to tech support. After noticing there was a spike in load on our server, my homie at WiredTree found that there were a large number of processes running on the login page of one of our WordPress installs.
Determination: Brute Force attack attempting to gain access to WordPress instance via login page. There was a break in the processes, and I immediately installed Limit Login Attempts. Order and harmony was restored. Download that bad boy here, folks: http://wordpress.org/plugins/limit-login-attempts/
Yeah, it’s time to lock down all of our WordPress installs once and for all.