• Hi,

    I have a multisite installation and multiple IPs are continuously attempting to log in to my platform using a non-standard administrator account.

    I have also changed the username 2 times, but after a quiet period the login attempts come back with the new username.

    I ask:
    How is it possible that the username got captured?
    Is there a method to avoid this problem?

    I also checked guest web site integrity and the admin username is used by only 3 people.
    Our customers have only restricted usernames.

    Thanks a lot

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    Moderator bcworkz

    (@bcworkz)

    It is disconcerting when an attacker obtains your username (assuming it’s not ‘admin’) and mounts a brute force attack. As long as you have a good strong password, you have little to worry about. If they had your password, your site would already be hacked. By using one of the plugins referenced in Tara’s link that limits login attempts, even a modestly weak password would be good enough.

    Since most WP installations probably do not have SSL capabilities, login credentials are passed as plain text and are susceptible to packet sniffing attacks. Fortunately, such attacks are typically only possible in open networks, such as coffee shop, public library and motel wi-fi systems. As long as one avoids logging in over such networks, and your home and/or work router is properly secured, this attack vector is not possible.

    There are other vectors of course, such as key loggers, but most of the ones I can think of would yield the password as well as username. The only vectors where only the username but not password is available would be shoulder surfing or checking browser history in a public place. Or if your user name is used in other sites, especially forums where a link to your WP site is available, like this one.

    Good Internet hygiene should prevent all of these vectors, but everyone has momentary lapses and inadvertently lets down their guard. Such mistakes rarely coincide with an attacker watching, but it obviously happens.
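
Added example, not part of any post in this thread: the situation described above (many IPs trying one non-default admin username) is a pattern a per-IP attempt limit can miss, so this sketch counts failed logins per username across source addresses. The event line format, the username `siteboss`, and the thresholds are assumptions; the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed failed-login events: timestamp, source IP, username tried.
# The line format and the username "siteboss" are assumptions for illustration.
SAMPLE_EVENTS = """\
2014-02-01T10:00:05 198.51.100.7 siteboss
2014-02-01T10:00:09 203.0.113.20 siteboss
2014-02-01T10:01:30 192.0.2.44 siteboss
2014-02-01T10:02:10 198.51.100.7 siteboss
2014-02-01T10:03:45 203.0.113.20 siteboss
2014-02-01T10:04:02 192.0.2.44 siteboss
2014-02-01T10:05:00 192.0.2.99 customer1
2014-02-01T10:05:20 192.0.2.99 customer1
2014-02-01T11:00:00 203.0.113.77 admin
2014-02-01T11:00:01 203.0.113.77 admin
2014-02-01T11:00:02 203.0.113.77 admin
2014-02-01T11:00:03 203.0.113.77 admin
2014-02-01T11:00:04 203.0.113.77 admin
"""

def parse_events(text):
    """Yield (timestamp, ip, username) tuples from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, ip, user = line.split()
        yield datetime.fromisoformat(ts), ip, user

def find_targeted_usernames(events, window=timedelta(minutes=10),
                            min_failures=5, min_ips=3):
    """Return {username: sorted IPs} for names failing from many IPs at once.

    A per-IP limit can miss this pattern because each address stays under
    its own threshold; counting per username across addresses exposes it.
    """
    recent = defaultdict(deque)   # username -> (timestamp, ip) inside window
    flagged = defaultdict(set)
    for ts, ip, user in sorted(events):
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(q) >= min_failures and len(ips) >= min_ips:
            flagged[user] |= ips
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    for user, ips in find_targeted_usernames(parse_events(SAMPLE_EVENTS)).items():
        print(f"{user}: distributed failures from {', '.join(ips)}")
```

In the sample, `siteboss` is flagged although no single address exceeds two failures, while the single-IP burst against `admin` and the two mistyped `customer1` logins are not.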

    Thread Starter teleconsul

    (@teleconsul)

    Hi, I have upgraded to WP 3.8.1 and changed the username, and after quiet 2 days the problem returns.

    I don’t know what to do.

    What’s your site URL?

    Moderator t-p

    (@t-p)

    after quiet 2 days the problem returns.

    Obviously the attacker finds an open door!

    Have you discussed this with your hosting provider?

The topic ‘Brute force on admin username’ is closed to new replies.