Wordpress Brute Force Attack Has Username

Synode · 26-01-2016 9:14pm #1

Hi all,

I have a Wordpress site that's been getting brute force attacked for the last 6 months (at the very least, I only took it over then. I have Sucuri Security installed and just checked the logs to see that there are multiple failed logins from different IPs using the correct username. The username is pretty unusual so am wondering a few things:-

How has the attack worked out that it has the correct username
Is there much point in changing the username if an attack is guessing it within 6 months? Actually, just checked and Wordpress says my username cannot be changed? So I can't do anything here?
What are the best practices for protecting against these types of attack?
Any other good security plugins I should be using?

Thanks for looking

Baz_ · 26-01-2016 9:38pm

could this have happened: https://www.youtube.com/watch?v=ynhTvhCHiPY

Synode · 26-01-2016 10:10pm

Baz_ wrote: »

could this have happened: https://www.youtube.com/watch?v=ynhTvhCHiPY

Only 1 user with 0 posts so unlikely.

Synode · 26-01-2016 11:24pm

This was worth a read in relation to defending it

http://www.sitepoint.com/preventing-brute-force-attacks-against-wordpress-websites/

Synode · 27-01-2016 2:31pm

Still interested to know how they become aware that they have the correct username once they guess it. They're concentrating on the correct username the last month so they must be aware that it's right. What confirmed it?

Synode · 27-01-2016 2:36pm

So found out how they get the username:

yourdomain.com/?author=1

Returns the username of the user with id of 1 i.e. the administrator. Fairly retarded on Wordpresses behalf.

Wordpress Brute Force Attack Has Username

Comments