Support » Fixing WordPress » Attempted attack how could they have snooped my user name?

  • Greetings,

    I am puzzled. I just noted somebody (from Russia) tried to log in. Now I see attacks from time to time on this domain (it is under construction and has a note to that effect), but what worried me is that this individual had my user name almost correct. Except for some upper case characters. In other words correct, but he used lower case where it should have been upper case. How could they have found out? Now I hasten to say that as the only admin of the site, I use a user name of random characters (upper and lower case) with special characters in between, over 20 characters long. So the chances of guessing are so remote I do not think one could in 20 years. Especially since my security settings throw you out if you use one that does not exist, so no trial and error here and fishing to see if you got it right. I also always log in over a secure connection.

    Does anybody have any hints as to where this individual could have possibly found out? Is there a hole somewhere? Any insight?

    Thanks.

Viewing 15 replies - 1 through 15 (of 16 total)
  • Moderator t-p

    (@t-p)

    great read, thanks Tara, all of that is already in place.

    David_G

    (@questas_admin)

    Check out the https://wordpress.org/plugins/bulletproof-security/

    It works, stopped the attacks on my sites.

    @changeagent

    Have you created a nickname in your profile for your username?

    If you do this and then set Display name publicly as {nickname}, it will prevent your username being revealed by enumeration. However, as your username has been (almost) compromised, you may want to create another admin level username / password / nickname, assign all your existing posts to the new user, and then delete the existing username.

    More info here:
    http://wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames

    Finally, some believe that providing you have a very strong unique password, updated every six months or so, it is irrelevant whether someone knows your username (in many cases this is your publicly available email address).

    hi questas_admin

    I have Wordfence installed, I suppose it does similar things. For one it blocks login if you use a non existing name. And sends an alarm, that is how I know.

    hi barnez

    yes I have a nickname. Did that when I set it up. I also immediately deleted the almost compromised admin and created a new one.

    I have a ± 40 character password. So that is strong enough I hope.

    Good info in the link. Thanks

    If you do this and then set Display name publicly as {nickname}, it will prevent your username being revealed by enumeration

    I’ve never had any success with that as a method of preventing enumeration. Just a quick example: A(the) default admin name of “admin”, admins nickname is Richard, and public display is set to “Richard”. Posts are attributed to Richard, but user enumeration – yoursite.com/?author=1 reveals “admin”. /?author=1, /?author=2, /?author=3, reveals additional authors in numeric succession.
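    The point made in the reply above (a public display name of "Richard" does not stop /?author=1 from revealing "admin") comes down to which field WordPress builds the author archive URL from. The following is an added illustration, not code from the thread or from WordPress itself: it models, in simplified form, how WordPress derives the URL slug (user_nicename) from the login when a user is created, and shows that the display name and nickname play no part in the redirect target. The sanitize_slug helper is an assumption standing in for WordPress's sanitize_title(), and the sample users are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional


def sanitize_slug(text: str) -> str:
    """Simplified stand-in for WordPress sanitize_title(): lowercase, collapse
    every run of characters outside [a-z0-9] into one hyphen, trim hyphens.
    (Assumption: the real function also strips accents and truncates.)"""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")


@dataclass
class User:
    ID: int
    user_login: str          # what is typed at wp-login.php
    nickname: str            # profile "Nickname" field
    display_name: str        # "Display name publicly as"
    user_nicename: str = ""  # URL slug; WP derives it from user_login when left empty

    def __post_init__(self) -> None:
        if not self.user_nicename:
            self.user_nicename = sanitize_slug(self.user_login)


def author_archive_path(user: User) -> str:
    """Path /?author=<ID> redirects to: built from user_nicename, never from display_name."""
    return f"/author/{user.user_nicename}/"


def resolve_author_query(users: Dict[int, User], author_id: int) -> Optional[str]:
    """What a visitor learns from /?author=<ID>: the redirect target, or None if no such user."""
    user = users.get(author_id)
    return author_archive_path(user) if user else None


def slug_reveals_login(user: User) -> bool:
    """True when the public slug is just the lowercased login, i.e. the archive URL leaks it."""
    return user.user_nicename == user.user_login.lower()


def harden(user: User, new_nicename: str) -> User:
    """Mitigation: give the account a nicename unrelated to its login. This is the field
    that changing the nickname/display name leaves untouched. Returns a modified copy."""
    return User(user.ID, user.user_login, user.nickname, user.display_name,
                sanitize_slug(new_nicename))


# Constructed sample users (not from the thread): user 1 mirrors the reply's example,
# user 2 has a random mixed-case login like the original poster describes.
USERS = {
    1: User(1, "admin", nickname="Richard", display_name="Richard"),
    2: User(2, "Xq7vK2pL", nickname="Editor", display_name="Editor"),
}


if __name__ == "__main__":
    for uid in (1, 2, 3):
        print(f"/?author={uid} -> {resolve_author_query(USERS, uid)}")
    fixed = harden(USERS[1], "richard-writes")
    print(f"after hardening: /?author=1 -> {author_archive_path(fixed)}")
```

Note that user 2's slug is the login with its upper case folded to lower case, which is exactly the shape of a login an enumeration of /?author=N hands out; the defence is to set user_nicename (via the database or a profile plugin) to something unrelated to the login, which is independent of the nickname advice given earlier in the thread.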

    @claytonjames

    Good morning.

    Thanks for that, indeed it works, so it is indeed useless to have any other name in the public display section. I am surprised so many posts and forums tell you to never use admin etc, but in the end it makes no difference whatsoever, it just makes it one baby step more difficult for a hacker.

    Good info, I am learning.

    In the past I have used the “Stop User Enumeration” plugin:
    https://wordpress.org/plugins/stop-user-enumeration/

    Most recently, however, I have this in .htaccess:

    ## Stop Enumeration (BulletProof Security)
    RewriteCond %{QUERY_STRING} ^author=([0-9]){1,}$ [NC]
    RewriteRule ^(.*)$ $1?author=999999 [L]
    # plus Send /author/ scans to Home Page
    RedirectMatch (?i)^/author.*$ /
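    Two things a practitioner would want to check about the .htaccess snippet above are what its RewriteCond actually matches and whether enumeration attempts show up in the access log. The block below is an added example, not part of the thread or of BulletProof Security: it re-creates the posted condition in Python (Apache's [NC] flag becomes re.IGNORECASE), adds an assumed stricter pattern, and runs a small detector over constructed Apache combined-format log lines that flags any client requesting several distinct author IDs or hitting /author/ paths. The log lines, IP addresses and the STRICT_COND pattern are my assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# The condition exactly as posted in the thread; Apache's [NC] flag is re.IGNORECASE.
POSTED_COND = re.compile(r"^author=([0-9]){1,}$", re.IGNORECASE)
# Assumed stricter variant (not from the thread): matches author=N wherever it sits
# in the query string, so extra parameters do not make a request slip past it.
STRICT_COND = re.compile(r"(?:^|&)author=([0-9]+)(?:&|$)", re.IGNORECASE)
# The RedirectMatch pattern as posted, applied to the request path.
AUTHOR_PATH = re.compile(r"^/author.*$", re.IGNORECASE)

# Apache "combined" log format, capturing only the fields this check needs.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)

# Constructed sample log (not real traffic). 203.0.113.5 walks author IDs 1..3,
# the third request carrying an extra parameter; 198.51.100.7 makes one benign request.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Oct/2015:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Oct/2015:13:55:37 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Oct/2015:13:55:38 +0000] "GET /?author=3&ref=x HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Oct/2015:13:55:40 +0000] "GET /author/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2015:14:01:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2015:14:01:05 +0000] "GET /about/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Oct/2015:14:10:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def posted_rule_matches(query: str) -> bool:
    """Would the thread's RewriteCond fire on this query string?"""
    return POSTED_COND.search(query) is not None


def strict_rule_matches(query: str) -> bool:
    """Would the assumed stricter condition fire on this query string?"""
    return STRICT_COND.search(query) is not None


def author_id_from_target(target: str) -> Optional[int]:
    """Return N for a request whose query carries author=N (any position), else None."""
    m = STRICT_COND.search(urlsplit(target).query)
    return int(m.group(1)) if m else None


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def find_enumeration(lines: List[str], min_ids: int = 3) -> Dict[str, List[int]]:
    """Clients that requested at least min_ids distinct author IDs, with the IDs seen."""
    seen: Dict[str, set] = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        aid = author_id_from_target(rec["target"])
        if aid is not None:
            seen[rec["ip"]].add(aid)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_ids}


def author_path_hits(lines: List[str]) -> Dict[str, int]:
    """Per-client count of requests the posted RedirectMatch would send to the home page."""
    hits: Dict[str, int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and AUTHOR_PATH.match(urlsplit(rec["target"]).path):
            hits[rec["ip"]] += 1
    return dict(hits)


def rule_coverage(lines: List[str]) -> List[Tuple[str, bool, bool]]:
    """For each author= request: (target, caught by posted rule, caught by strict rule)."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and author_id_from_target(rec["target"]) is not None:
            q = urlsplit(rec["target"]).query
            out.append((rec["target"], posted_rule_matches(q), strict_rule_matches(q)))
    return out


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("enumeration candidates:", find_enumeration(lines))
    print("/author/ path hits:", author_path_hits(lines))
    for target, posted, strict in rule_coverage(lines):
        print(f"{target:<20} posted={posted} strict={strict}")
```

The coverage report shows the one caveat worth knowing about the posted condition: its ^ and $ anchors require author=N to be the entire query string, so a request that carries any additional parameter is not rewritten. The detector therefore counts author IDs regardless of what else is in the query, and the STRICT_COND pattern is the shape of a RewriteCond that closes that gap.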

    @leejosepho

    great stuff, I think I'll add that.

    ## Stop Enumeration (BulletProof Security)

    Is this from BulletProof Security? Or part of this plugin? Or did you just give it that name so it has a name?

    I have that in my Custom Code added within the BulletProof Security plugin, and I believe those two Rewrite lines came directly from there (BPS).

    aha, thanks!

    Moderator t-p

    (@t-p)

    @leejosepho,
    Just to clarify, would your snippet work independently, OR one has to install BulletProof Security plugin for this snippet to work?

    David_G

    (@questas_admin)

    Personally I think Bullet Proof Security is probably about the best security plugin you will find. I tried several others but settled on BPS PRO. The support is excellent and it has features that no one else has. Definitely worth looking at.

    Just to clarify, would…snippet work independently

    Yes, I believe so…just maybe leave the ‘## Stop Enumeration (BulletProof Security)’ line there as a reminder to always give credit where due! 😉

  • The topic ‘Attempted attack how could they have snooped my user name?’ is closed to new replies.