Chris Dennis asked:
What sort of 'hack' are they attempting?
Trying to register as a user, or
something more technical?
No, this is a brute force attempt to login, typically as 'admin' (the
shamefully still default user name for a new WordPress install). Even
if you sensibly don't have a user called that, it still involves
loading PHP and doing some MySQL accesses to check.
If it's the former, then I've found that
adding a hidden (by CSS) field to
the registration form, and denying access to bots that stupidly fill-in the
hidden field, blocks nearly all such attacks.
Hmm, I've used 'do they give an ICQ user ID?' as a bot test
successfully in the past, but I'd be surprised if it worked this time.
I'm also reluctant to start playing with WP core files, because it can
mess up the upgrade process.
Ian