Brute force attack on non-generic user (3 posts)

  1. Matt Knowles
    Posted 2 years ago

    I recently installed a login security plugin and it reported an attack from Sweden using the login of one of our users. The username wasn't admin so they weren't guessing at the password for that.

    The username isn't listed on the website anywhere that I'm aware of, so I'm wondering if WordPress gave it up somehow, or if the user's computer did. If the user's computer gave up the username, wouldn't they have been able to grab the password too?

    This is the first time I've seen a brute force attack against a real user so it has me wondering.

  2. Tara
    Volunteer Moderator
    Posted 2 years ago

    WP Codex on Brute Force Attack: http://codex.wordpress.org/Brute_Force_Attacks

  3. Dave Naylor
    Posted 2 years ago

    Unless you've taken specific steps to prevent it, obtaining the usernames of WordPress authors is easily done. I personally take preventative measures at a server level to prevent it. The good news is that this doesn't extend to passwords.

    Sorry to be a little vague but I don't want to publicly post solutions for the bad guys.
