One of the given perils of this business is you become prime target for hack attempts. A quick look at the history of security companies (From RSA to recent hacking team) shows that, it is imperative to expect successful and unsuccessful hacks. So we weren’t surprised when we got the below alert last week from word press.
The IP turned out to be from a very well know hotel in Kansas. They advertise complementary wifi in hotel rooms, lobbies and coffee shops. It is very hard to say weather the hacker is a resident of the hotel, an insider, a bot or some hacker sitting in their coffee shop. We did the prudent thing to do, sent the “hotel contact” a detailed information of the alert. Hope that will lead them to something that they can fix.
Coming back to the hack itself, the fact that saved this site from further damage is the security settings that wordpress provides. We have limited the login attempts to bare minimum. We have also taken all the security precaution possible (except hiding the wp-login link, which we have corrected now).
If your website does get hacked and it is a wordpress hack please check this for a detailed analyses and recovery. Of course official wordpress article does have a very detailed list of steps both to prevent issues and recovery https://codex.wordpress.org/FAQ_My_site_was_hacked.