Yeah, I’ve seen that kind of spike before. Usually it’s some bot wave hitting the same tired loophole for a few days, not necessarily your setup suddenly gonna hell. That said, WordPress forums do seem to attract this crap like moths to a porch light. I’d still check the boring stuff first — first-post restrictions, email verification, any plugin update, and whether the signup path changed without you noticing. That “looks protected but isn’t” thing is annoyingly common.
ToolDecision
Tools, compared and explained
ToolDecision
Tools, compared and explained