So I get a ticket about high load on a server. Checking logs I see tons of:
POST /wp-login.php HTTP/1.0
and in logs:
– – [13/Aug/2013:13:35:07 -0400] “POST /wp-login.php HTTP/1.0”
Notice all http/1.0 – thanks for making it easy. Dropped with a .htaccess
RewriteEngine On
RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0)
RewriteCond %{REQUEST_URI} ^/wp-login.php$
RewriteRule .* - [R=406]
Securitron plugin for WordPress should help. Give it a try.