Whoa! Inspired by Medium.Com, I decided to search, download and install Kevin Weber’s Inline Comments plugin (created by  to this blog too.

Inline Comments lets users add comment with specific reference to any paragraph of the blog post, which is kind of cool, considering how hard is to quote blog texts. Now you just get one cute ‘+’ sign close to the paragraph, over which you’re hovering (no mobile support, sorry), and if you click on that, you can leave comment instantly.

The same comment appears just like any other “legacy” comment below the post, but also with handy “reference” link to the paragraph you commented.

Together with Inline Comments, I decided also to install and run WP Ajaxify Comments, as these two compliment each other in quite nice way. As this is serious change to the overall comments experience, I will watch closely how it goes. Don’t hesitate to drop me a word, if you see any problems whatsoever.

So far I’m loving it :). And I hope Inline Comments will stay for a while on this blog.

I decided to quickly check what’s the actual attack activity and I installed the Limit Login Attempts WordPress plugin. What this plugin does is it logs all incorrect login attempts, and if they go above given treshold, it blocks the IP for a while and logs the blocking. After few blockings, it blocks the IP for a day or so.

This functionality, of course, immediately blocks any bruteforce attempts. What’s more interesting here though is the fact that it logs the attempts. That was more interesting for me, because it gave me a chance to evaluate the attack size. And here’s what I’ve got, just for 2 days:

Obviously, there was some “unhealthy” interest. But I never expected that the scale would be that big. And they were all shooting for “the big fella”, the “admin” account.

So it was time to change the admin username. Obviously, the success factor of the attack is based on the fact that WordPress comes with default “admin” username. If I change the username to something else, the attack would never succeed, even if it by some crazy stupid chance succeeds to get my password right (12+ symbols password). It was pretty quick change, although I had to play with the database directly (I’m almost sure there’s a plugin to do the job as well).

Now all seems safe. My wordpress applications locked my account twice, until I realized that I have to change the username there too, but that was the only harm so far.

So, if you’re managing WordPress blog, I urgently advise you to install Limit Login Attempts and change your admin user password (if you have only one admin user, if you have many, you have to live with the plugin only). Otherwise, you’re pretty much exposed to (some) risk, especially if you have easily guessable WordPress admin password.

Good luck!

Сега накратко искам да помоля всички коментиращи, освен стандартните “common sense” правила, да спазват още едно – ако ще коментират, да го правят през Facebook акаунта си, ако имат такъв. Само 2 клика е, спестява писане по поленцата (ако вече ги нямате), а е много удобно.

Всички останали, които имат акаунт в моя блог, може да си “вържат” акаунта с техния Facebook акаунт, за да им е още по-удобно при коментиране.

Предварително ви благодаря!