How can attacker guess existing user accounts

  • Resolved michael776655

    (@michael776655)


    2 years, 1 month ago

    Got some login attempts (properly denied and blocked) with various wrongly guessed user names and “admin” of course. Now some attacker concentrates on our real admin account name, which does not appear anywhere on the web site and is not too obvious. How come?
    I understand you can only get a full list of user names after having successfully logged in as administrator?

    Limit Login Version 2.25.5
    Wordpress Version: 6.0.2
    (up to date, currently)

Viewing 3 replies - 1 through 3 (of 3 total)

  • It’s not hard for hackers to find usernames. Here’s an article that explains in more details how they are able to find it. That’s why you just have to use strong passwords and make sure your site is protect by plugins like this.
    https://www.wp-tweaks.com/hackers-can-find-your-wordpress-username/

    Thread Starter michael776655

    (@michael776655)

    Thanks a lot. I agree that it’s a good idea not to make usernames too obvious, besides a strong password, of course.

    Although our blog entries do not display an author’s name (Nick = ” “), every blog entry has this little “author” icon, and I noticed now the small empty nickname field holds a link revealing the author’s username. Which we do not want. How can I get rid of this?
    WP is a powerful tool and learning by searching is very hard, so please forgive, if this is a stupid question.

    Plugin Author WPChef

    (@wpchefgadget)

    The article suggested by gregjf908 shares some ways of hiding usernames. They are not easy to implement though by a non-developer user. The best way would be finding a plugin that hides the names but I’m not aware of any.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How can attacker guess existing user accounts’ is closed to new replies.