[fortran77]

These tend to try the top _n_ exploits on common ports. In fact, a little obscurity rids oneself from common attacks. I usually move my Wordpress admin access to a different port and URL and that really does stop scripts from trying exploits all day long. (Of course, I make sure everything else is set for security, too.)

[sph]

Yeah. I eliminated a persistent bot attack on a webapp in minutes by simply adding a very easy question on user signup (like "what's 1+1?")

Security through obscurity is an overused concept: it doesn't work against determined humans, but on the greater internet, when your adversary are bots, it is extremely effective.

[thfuran]

It even works on determined humans. It's defeatable but dissuades many humans and slows down the rest. It is a useful layer in security. It just can't be the only layer.