Title: Attacks using registered user IDs
Last modified: August 22, 2016

---

# Attacks using registered user IDs

 *  [halbert](https://wordpress.org/support/users/halbert/)
 * (@halbert)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/attacks-using-registered-user-ids/)
 * I’ve noticed that there seems to be a surge in the number of attacks hitting 
   my sites that are using legitimate registered user IDs, trying to brute-force
   the passwords.
 * Any idea how they’re pulling this list from my sites? Even user IDs that have
   not posted any comments or are otherwise visible are being attacked.
 * Thanks
 * -Allan
 * [https://wordpress.org/plugins/stop-spammer-registrations-plugin/](https://wordpress.org/plugins/stop-spammer-registrations-plugin/)

Viewing 1 replies (of 1 total)

 *  Plugin Contributor [Keith P. Graham](https://wordpress.org/support/users/kpgraham/)
 * (@kpgraham)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/attacks-using-registered-user-ids/#post-5670061)
 * This is new. Obviously there is an exploit or back door that lets someone list
   the users – probably through sql injection. There must be a plugin that does 
   not sanitize input that does this. Since the password is encrypted they can’t
   get that, so they run dictionary attacks.
 * Keith

Viewing 1 replies (of 1 total)

The topic ‘Attacks using registered user IDs’ is closed to new replies.

 * ![](https://ps.w.org/stop-spammer-registrations-plugin/assets/icon-256x256.png?
   rev=3377746)
 * [Stop Spammers Classic](https://wordpress.org/plugins/stop-spammer-registrations-plugin/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/stop-spammer-registrations-plugin/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/stop-spammer-registrations-plugin/)
 * [Active Topics](https://wordpress.org/support/plugin/stop-spammer-registrations-plugin/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/stop-spammer-registrations-plugin/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/stop-spammer-registrations-plugin/reviews/)

## Tags

 * [attacks](https://wordpress.org/support/topic-tag/attacks/)

 * 1 reply
 * 2 participants
 * Last reply from: [Keith P. Graham](https://wordpress.org/support/users/kpgraham/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/attacks-using-registered-user-ids/#post-5670061)
 * Status: not resolved