• Resolved barkins

    (@barkins)


    Thanks to WordFence I found out that hundreds of attempts have been made to log into my website using REAL usernames.

    I was able to delete the existing usernames and replace them with new accounts, however the site is still being targeted and attempts of getting into the website with the old existing accounts are still being made. WordFence is blocking them however.

    Is there anything else I should be doing to stop this, or just let it run its course?

    https://wordpress.org/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • To prevent usernames being harvested:

    a) make sure that you create a nickname for every user, so that will be displayed against any posts they publish

    b) either try some .htaccess rules to prevent username enumeration (basically a scan to discover the usernames of a site)

    c) Use a plugin solution to stop the usernames being discovered

    Them, most important of all, use and enforce/encourage strong passwords.

    Good luck!

    Thread Starter barkins

    (@barkins)

    Thanks for the tips barnez.

    Thankfully I already had ‘enforce strong passwords’ active.

    Plugin Author WFMattR

    (@wfmattr)

    Thanks, @barnez, for weighing in!

    Wordfence also has an option to stop a certain type of scan for author names that is used fairly often. On the Wordfence Options page, look for:
    “Prevent discovery of usernames through ‘?/author=N’ scans”

    Some themes leak the username as part of a class name, usually on the <body> element — if you view the source of your site, you may find a page’s username there. It’s intended to be used for styling different authors’ pages differently. If any of the plugins that barnez mentioned don’t work for your particular theme, you might want to ask the theme author if there is a way to disable it.

    Thread Starter barkins

    (@barkins)

    Thanks WFMattR. I already had that feature checked off, making it even more disturbing how the account names were found out. I also don’t have the usernames listed in the body class either. Quite disturbing.

    Thankfully WordFence was installed on the site.

    Plugin Author WFMattR

    (@wfmattr)

    If you can’t find the username in any pages yourself, then that a bit is unusual. It could be that there is another method bots are just starting to use — or they got the username a long time ago, before this option was created.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Website Under Attack…’ is closed to new replies.