After 2 hours struggling with tech support, they finally told me that my server is under a brute-force attack. Hackers or bots are hitting the wp-login.php file of one of the WordPress websites.
There is no easy way to block those IPs. So the temporary solution is to stop the bots from reaching wp-login.php and submitting logins and passwords, by password-protecting the wp-login.php page itself. Visitors are then prompted for an extra login and password before they can log in to WordPress.
This process adds an extra file lookup at the Apache level.
Here is how it works.
- Set up a hidden .wpadmin file above your website root. It's usually under /home/[username]/
- Run an SSH tool such as putty.exe and log in to your web server as root.
- Execute the command: htpasswd -c .wpadmin [login name]
- It will prompt you to enter a password.
- Once the file is set up, you will need to add a few lines of code to the .htaccess file of each of your WordPress installations:
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
AuthName "Authorized Only"
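
The steps above as one script, added here as an example and not code from the original post. The snippet on the page stops at AuthName, so the `<Files>` wrapper and the AuthType, AuthUserFile and Require lines are assumptions filled in from standard Apache Basic Auth directives; the function names, the marker comment and the public_html path are also assumptions.

```shell
#!/bin/sh
# Added example: limit HTTP Basic Auth to wp-login.php and keep the
# password file out of the web root. Names below are illustrative.
MARKER='# wp-login basic auth (added by protect_wp_login)'

# Print the .htaccess block. $1 = absolute path of the htpasswd file.
wp_login_auth_block() {
    printf '%s\n' \
        "$MARKER" \
        'ErrorDocument 401 "Unauthorized Access"' \
        'ErrorDocument 403 "Forbidden"' \
        '<Files "wp-login.php">' \
        '    AuthName "Authorized Only"' \
        '    AuthType Basic' \
        "    AuthUserFile \"$1\"" \
        '    Require valid-user' \
        '</Files>'
}

# Append the block to <docroot>/.htaccess. $1 = docroot, $2 = htpasswd file.
# Returns 0 on success or when the block is already there, 1 if the docroot
# is missing, 2 if the password file is missing, 3 if the password file sits
# inside the docroot (where it could be fetched over HTTP).
protect_wp_login() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    pw_dir=$(cd "$(dirname "$2")" 2>/dev/null && pwd -P) || return 2
    pw_file="$pw_dir/$(basename "$2")"
    [ -f "$pw_file" ] || return 2
    case "$pw_file" in
        "$docroot"/*) return 3 ;;
    esac
    htaccess="$docroot/.htaccess"
    # Idempotent: do not stack a second copy on a repeat run.
    if [ -f "$htaccess" ] && grep -qF "$MARKER" "$htaccess"; then
        return 0
    fi
    wp_login_auth_block "$pw_file" >> "$htaccess"
}

# Usage, once per WordPress installation (public_html is an assumed docroot):
#   htpasswd -c /home/[username]/.wpadmin [login name]
#   protect_wp_login /home/[username]/public_html /home/[username]/.wpadmin
```

The .wpadmin file must be readable by the user Apache runs as, and `htpasswd -c` overwrites an existing file, so drop `-c` when adding a second login.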