Shared from WordPress Security Lab
Re: Global WordPress Brute Force Attack Flood – Check Your Security Settings:
They are all under attack – HostGator, GoDaddy, BlueHost, 1&1, et al – and it’s a brute force attack on anyone hosting a CMS system – WordPress, Joomla and Drupal.
Its world wide and has been gathering momentum over the last 6 to 8 weeks. They gain entry via one site on a shared server and then infect all the sites and other servers. The only thing you can do right now is to enter your hosting account via cPanel or FTP and change your logins.
If you are successful with doing that, then you need to run security scans on your site’s core files and remove any malware and restore the files to their original state. And finally, change your logins – both UserName and Password for your site before logging out.
If you are using ‘Admin’ as your UserName, you have to change this…immediately.