Tuesday, April 16, 2013

Wordpress adds CAPTCHA Security - Legitimate or Scam??

I attempted to log in to my WordPress administrator panel today, but there was a new login screen that I've never seen before (see screenshot below).

The specific message you will see is "The server http://yourwebsite:80 requires a username and password. The server says: WordPress attack protection CAPTCHA. Enter username: xxxx Password: The result of math xxxxx."
The login now requires you to input a predefined username of xxxx and an addition password of xxxx. What I thought was really weird was that when I tried to log in to another one of my WordPress sites, it prompted me with the same login screen and showed the same username and password. Is this a legitimate WordPress CAPTCHA, or is it the hackers trying to get access to our site? I really do not know. I'm writing this post because I didn't see anything else on the web talking about this yet, so I'm hoping someone knowledgeable has seen this as well and can shed some light. I'm afraid that if I enter the credentials, my site may be compromised. Therefore, I have not logged in yet.

Update 9AM
Spoke with my web host, and they said that they employed this security feature to block the botnets from accessing my website.


Friday, April 12, 2013

Wordpress administrator area access disabled temporarily due to widespread brute force attacks

It seems the WordPress administrator area is temporarily disabled due to a widespread brute force attack. If your website uses WordPress, your site is still available, but you won't have access to the administrator area. When you attempt to access the administrator area, the following message is displayed: "Wordpress administrator area access disabled temporarily due to widespread brute force attacks."

There is a workaround, but I have not yet tried it to confirm that it works. Someone at stackexchange.com submitted a question regarding this issue. See the following instructions and code to allow administrator access to your WordPress site.


"Please add following to your .htaccess file in wp installation folder and replace x.x.x.x with your IP from which you want to access admin area.
<Files ~ "^wp-login.php">
Order deny,allow
Deny from all
Allow from x.x.x.x
</Files>


admin access"
If you tried this and it works, please leave a comment, and I will update this post to say that it actually works. This will help lots of people who need to update their sites today.
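
The same restriction written so that it loads on both Apache 2.2 and Apache 2.4, as an added example that is not from the original post or the quoted answer. The address 203.0.113.10 is a constructed placeholder, and the snippet assumes the host permits these directives in .htaccess (AllowOverride AuthConfig for Require, Limit for Order/Deny/Allow).

```apache
# Added example: limit wp-login.php to a single administrator address.
# 203.0.113.10 is a constructed documentation address; replace it with your own.

# A plain <Files> name is an exact filename match, so only wp-login.php
# is covered and the unescaped "." of a regex pattern is not an issue.
<Files "wp-login.php">

    # Apache 2.4 and later: access control is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>

    # Apache 2.2: mod_authz_core does not exist, so use the older
    # Order/Deny/Allow directives (deny everyone, then allow one address).
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>

</Files>
```

With this in place, a request for wp-login.php from any other address should receive 403 Forbidden while the rest of the site stays reachable. If the server returns a 500 error instead, the host does not allow these directives in .htaccess and the error log will name the rejected directive.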