Title: Brute force question Last modified: August 22, 2016 --- # Brute force question * [arose8199](https://wordpress.org/support/users/arose8199/) * (@arose8199) * [11 years, 5 months ago](https://wordpress.org/support/topic/brute-force-question/) * Hi, * I have a question. I am getting emails from a site and I see the login names that they try when they hit too many login attempts. Usually they are random, but a couple of times I have seen them use my name like this “firstname-lastname”– this disturbs me as I am no where on the site. I never used my name or email address as a login, only the login info of the people I set it up for. How would they get my name (my name is the first part of my email address)? The only two places I used it at all was to sign up for email alerts from you guys or to test buying an item through woocommerce. * Thanks. * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 2 replies - 1 through 2 (of 2 total) * [WFSupport](https://wordpress.org/support/users/wfsupport/) * (@wfsupport) * [11 years, 5 months ago](https://wordpress.org/support/topic/brute-force-question/#post-5483322) * Hi * Do you have a login for the site? What is the login name and the display name? On some of the commercial sites I manage I saw this happening too. I got tons of random generated names (interesting combinations sometimes too!) but then started to see a trend of real login names being used. I tracked it back to the authors not changing their display names. What clued me in even more was that my admin username (not admin) was used as well. Its not anywhere near what I would think a standard admin username would be. Then I figured out the display name thing. Even though I had never posted on the site, the hackers were able to get it. I changed all the display names including my own, and the problem disappeared. I’d suggest starting with your display name and seeing if that fixes the issue. Of course, they might already have that but I’m betting its a bot that won’t know better. * tim * [kristystnh](https://wordpress.org/support/users/kristystnh/) * (@kristystnh) * [11 years, 5 months ago](https://wordpress.org/support/topic/brute-force-question/#post-5483366) * My situation is a little different, but I did discover a couple of .png files( listed as “added” by the Sucuri plugin) and one of these files contained my username, an old password, and my IP address (I was able to read the file code using Wordfence). * Something to consider for your situation. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Brute force question’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [brute force](https://wordpress.org/support/topic-tag/brute-force/) * [login limits](https://wordpress.org/support/topic-tag/login-limits/) * 2 replies * 3 participants * Last reply from: [kristystnh](https://wordpress.org/support/users/kristystnh/) * Last activity: [11 years, 5 months ago](https://wordpress.org/support/topic/brute-force-question/#post-5483366) * Status: not resolved