“normal and expected”
I registered a domain name for a local club a few days ago. Poking around the Cpanel (as you do) I noticed I already had ten pages of visitors from all over the world – Hong Kong, Singapore, Canada. Mostly trying to get into the WordPress installation.
This site doesn’t have a WordPress installation. So I axed AI it and said:
WordPress sites are frequently targeted by automated bots that scan the internet for websites using the WordPress platform. These bots attempt to log in to your site’s admin area (typically at /wp-admin) using common usernames like “admin” and weak passwords such as “password” or “123456.” This activity is extremely common and does not indicate a breach—your site is likely secure if you’re using a strong password.
You’re not alone: This behavior happens to nearly every WordPress site, regardless of size or niche. The “visitor log” you’re seeing is likely from failed login attempts, not real visitors.
This activity is normal and expected. As long as your credentials are strong and your site is updated, you’re not at significant risk.
It makes you wonder how much Internet traffic is mindless bots. I understand USENET is completely consumed by bottage now.
Fun fact: Uncle B and I met on USENET.
January 26, 2026 — 6:19 pm
Comments: 3