Hacker Number One

Someone has crawled over the WordPress core directory, but done nothing (as far as I can tell). Hmmmmm!

If it was a <brute force> attack . . . and
IF a password rating of 100/100 is designed to give the site admin meaningful information regarding the security level . . .

THEN . . . something just doesn’t add up!

It turns out that the default installation of WordPress allows unlimited attempts at guessing the ‘Admin’ password. So even a 19-character password can be cracked. The solution is to have layers of security, which discourage random hackers from bothering, and make the task of determined criminals much tougher. I guess that this hacker maybe just wanted to try out their new password-cracking tool . . . but of course the actual-whys don’t matter, it is the possible-whys that need to be anticipated (and then used to prompt appropriate security).
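One layer is simply noticing the guessing. The sketch below is an added example, not part of the original post or of WordPress: it scans web server access-log lines for repeated failed `wp-login.php` POSTs from one address inside a sliding window. The log format (Apache/nginx "combined"), the thresholds, the function names and the sample lines are assumptions; it also assumes the stock behaviour where a failed login returns 200 and a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Access-log line in Apache/nginx "combined" format (assumed log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login(line):
    """Return (ip, time) if the line is a failed wp-login.php POST, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or non-matching line: skip, do not crash
    path = m["path"].split("?", 1)[0]
    # Stock WordPress re-renders the form (200) on a bad password, redirects (302) on success.
    if m["method"] != "POST" or not path.endswith("/wp-login.php") or m["status"] != "200":
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each IP that reached `threshold` failures inside `window` to its peak count."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        hit = failed_login(line)
        if hit is None:
            continue
        ip, ts = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_lines():
    """Constructed sample log (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    guesser = [fmt.format(ip="203.0.113.7", s=s, req="POST /wp-login.php", st=200)
               for s in range(0, 40, 5)]  # 8 failures in 35 seconds
    admin = [fmt.format(ip="198.51.100.20", s=1, req="GET /wp-login.php", st=200),
             fmt.format(ip="198.51.100.20", s=9, req="POST /wp-login.php", st=200),
             fmt.format(ip="198.51.100.20", s=20, req="POST /wp-login.php", st=302)]
    return guesser + admin + ["truncated line"]

if __name__ == "__main__":
    print(find_bruteforce(sample_lines()))
```

The address with eight failures in 35 seconds is reported; the admin who mistyped once and then logged in is not.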

Castle of Mey