As of about 2:30pm (UK time) today (10th Feb 2014) we detected and are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date! The real-time attack map on wordfence.com became so busy that they reportedly had to throttle the amount of traffic shown down to 4% of actual traffic.
A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms put in place.
We enable options that will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defence against this type of attack.
We are continuing to monitor all websites, and would recommend that until this passes you monitor your WordPress websites closely too for unusual activity including logins, account creation or changes to the public facing website.
If you have any further questions, please get in touch with our support team: firstname.lastname@example.org
Source & assistance from: www.wordfence.com