• I’ve got the latest version of Wordfence installed on all sites. I’ve noticed within the last 2 weeks or so that hackers are finding the actual usernames and attempting to login with them. So far, it seems to be isolated to the ones I’m using for backup admin login.

    The usernames I’ve used are 15-character (or more) random alpha-numeric digits, and the passwords I’ve used are random alpha-numeric-special characters.

    Is Wordfence still supposed to be protecting against making usernames findable?

    Thank you…

    https://www.ads-software.com/plugins/wordfence/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi

    There’s a few ways I can think of that they might be getting usernames. Some that we help with can be disabled by turning on these options on the option page:
    Prevent discovery of usernames through ‘?/author=N’ scans
    Immediately lock out invalid usernames
    Don’t let WordPress reveal valid users in login errors

    Also, something I learned the hard way. Users aren’t always security conscious. Make sure their display names in their profiles are set to anything but their login name. I found my valid username attempts from foreign countries tapered off starting almost immediately after I went through and changed those for my people.

    tim

    Thread Starter maketso

    (@maketso)

    Thanks for your quick response Tim. I appreciate it.

    Each of the options you mentioned has been checked for a long time.

    None of the usernames are the same as the display names.

    Had another login attempt today on another site using the actual backup admin cryptic username. So far, the hackers are only seeing the *backup* usernames.

    Don

    Is that a system account or a wordpress account?

    tim

    Thread Starter maketso

    (@maketso)

    Not sure what you mean by “system account”. But, all sites are self-hosted on various shared hosting accounts. None are WordPress-hosted.

    The backup admin. Is that a linux server account or an account you created in wordpress?

    tim

    Thread Starter maketso

    (@maketso)

    Linux

    Then you have a bigger issue with your server, not so much with the wordpress level. Someone is likely scanning your /etc/passwd file for usernames and then trying to use them to login to wordpress.

    **As an aside, if anyone uses Linux account names as their wordpress usernames, they need to seriously have someone talk to them about security. Don’t do that. Ever.

    So, I would open a ticket with your hosting provider and mention this, that you are seeing legitimate linux accounts being used to try and login to your wordpress admin area. They might need to look and see if there are any holes in the server security.

    tim

    I have sort of the same problems. Did not really understand this with Linux, my websites on shared hosting accounts. For example with HostGator. I have created my users inside of WordPress. The first user is done with the WordPress installation using the software “QuickInstall”. But this has affected both these users and the users I created afterwards. The options that you mentioned above are checked, nor do I have the display names as usernames. Even when I created a new admin account after Wordfence was installed it took only about one day and then I saw attempts to log in with that username. I have noticed under “Pages Not Found” attempts to figure out different author ID (for example https://diffner.se/?author=8). So it really feels like the “blockage” is not working. Have I missed something? And how can this be solved? Run the latest version of WordPress and Wordfence.

    With shared hosting it can be trickier. Sometimes there is the element of cross contamination to worry about. You may be locked down but another user a home directory away from you may not be as vigilant. Regardless, your question is different from the OP because of the linux account being used. Please open a new post for your issue.

    tim
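
The `?author=N` probing mentioned in this thread can also be checked for in the web server's own access log. The following is an added example, not part of the original thread and not Wordfence code. It assumes Apache/Nginx "combined" log format, and the function name, threshold and sample lines are constructed for illustration:

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:08:01:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.47"
203.0.113.7 - - [10/Mar/2016:08:01:03 +0000] "GET /?author=2 HTTP/1.1" 404 0 "-" "curl/7.47"
203.0.113.7 - - [10/Mar/2016:08:01:04 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "curl/7.47"
203.0.113.7 - - [10/Mar/2016:08:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "curl/7.47"
198.51.100.20 - - [10/Mar/2016:09:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2016:09:00:05 +0000] "GET /blog/?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, then the request line: method and target
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} ')


def find_author_scans(log_text, min_ids=3):
    """Return {ip: {"author_ids": [...], "login_posts": n}} for every IP that
    requested at least min_ids distinct ?author=N values."""
    ids = defaultdict(set)      # ip -> distinct author IDs probed
    logins = defaultdict(int)   # ip -> number of POSTs to wp-login.php
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        url = urlsplit(m["target"])
        if m["method"] == "POST" and url.path.endswith("/wp-login.php"):
            logins[m["ip"]] += 1
        for value in parse_qs(url.query).get("author", []):
            if value.isdecimal():
                ids[m["ip"]].add(int(value))
    return {ip: {"author_ids": sorted(seen), "login_posts": logins[ip]}
            for ip, seen in ids.items() if len(seen) >= min_ids}


if __name__ == "__main__":
    for ip, info in find_author_scans(SAMPLE_LOG).items():
        print(ip, info)
```

An IP that walks several author IDs and then posts to `wp-login.php` is worth comparing against the usernames seen in the failed-login records.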

  • The topic ‘Usernames Being Found’ is closed to new replies.