Security Issue – hacked username

  • I have non-standard admin usernames on all my sites. I also have a lockout plugin that notifies me of (regular) brute-force attempts.

    Today I have seen a new escalation, the non-standard user name has been phished from somewhere. Not the password so the brute force continued.

    Any ideas where this security hole could be? What mechanisms are there (I assume there are none other than hacking the database) to find an admin user name.

    My computer is malware free and my net traffic monitored by me and no unusual activity has been observed.

    I consider this quite serious. any ideas?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Does your site provide access to author pages?

    Thread Starter chrispink

    (@chrispink)

    Yes, it does and that sounds likely.

    The admin user was (by mistake) the author of two posts.

    i notice that a call to mydomain.com/wordpress/author/myAdminName does return a page so I suppose that was the way in but fairly clever stuff as it’s not an obvious call.

    and a google search on “site:mydomain.com/wordpress/” does return posts with the admin name in it.

    Gosh. There’s so much to look out for. Thank you for that information.

    Last time I counted there were 18 WordPress sites that I directly manage so I guess a bit of admin (if you’ll excuse the pun) is called for.

    Someone announced a new plugin a few days ago that is supposed to obfuscate author usernames in urls but I foolishly forgot to make a note of the plugin’s url. I do know its somewhere in in the Plugin Repo.

    Got it!

    https://www.ads-software.com/plugins/hide-username-front-side/

    Might be worth trying out.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Issue – hacked username’ is closed to new replies.