@NodeHam are they script kiddies? It looks like you have a huge number of login attempts.

Yup, it is internal.

I found this for anyone that comes across this. https://community.nodebb.org/topic/12493/nodebb-plugin-prometheus-prometheus-monitoring-for-nodebb

Yes but aren't those usually script kiddies? The number of unique visitors is only 202 while the login attempts are nearly 15K for yesterday alone.

Well, I wasn't posting looking for technical information but now you have me curious :).

Looking at the logs, they strongly suggest automated bot activity. Hits from Googlebot and other search crawlers WordPress vulnerability scanners Automated scanning tools like ZGrab

Are these triggering login attempts either by mistake or as part of their crawling process? Googlebot, for example, accesses various URLs, including login pages, and might cause login events.

Many of the requests are targeting /wp-admin/setup-config.php, /wordpress/wp-admin/setup-config.php, /xmlrpc.php, /wlwmanifest.xml, and similar WordPress-related URLs.

Since it's not a WP site, are these requests resulting in redirects or 301 responses, but getting counted in access logs that result in the dashboard stats?

One question. Are the dashboard logs derived from the web server logs or directly from the nodebb code? I assume directly.