[resolved] Can usernames be guessed by malware? (3 posts)

  1. gabolonte
    Posted 1 year ago

    Hello all, first time here :)

    For some time now I have been using the Limit Login Attempts plugin (http://devel.kostdoktorn.se/limit-login-attempts), which reports every blocked IP address that was guessing passwords on my site. You can bet that 99% of the time admin is the username the bots attack, but this time I found that some IP from France was trying to brute-force a custom username, one created by me that is not public in any way.

    Since this is happening on a special site which I modified to not include any mention of the posts' authors (removing things like meta property="article:author", for example), I wonder how this is possible. Can anyone tell me which known methods are available for guessing a WP username and how they can be mitigated?

  2. ClaytonJames
    Posted 1 year ago

    Any evidence in your log files of a script trying to enumerate users? I occasionally see hits in my logs from the WPScan script (or similar) looking for user names. Some basic info (link goes to Google): enumerate wordpress users

    The requests in the logs will end in something similar to this: /?author=1, and often incremented from 1 to 10. That might be a possible explanation.
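
The log check described above, as an added example that is not part of the original thread or of WPScan: it parses constructed Apache "combined" access-log lines (sample data, not real traffic) and flags any client that walked through /?author=N for several IDs. It also records which of those IDs answered with a redirect, because a stock WordPress install with pretty permalinks turns /?author=N into a 301 to /author/<user_nicename>/ when the ID exists and a 404 when it does not, which is exactly how the scanner learns the login name. Threshold and field names are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache "combined" format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v2.1"
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "WPScan v2.1"
203.0.113.7 - - [10/Oct/2013:13:55:38 +0000] "GET /?author=3 HTTP/1.1" 404 1523 "-" "WPScan v2.1"
203.0.113.7 - - [10/Oct/2013:13:55:39 +0000] "GET /?author=4 HTTP/1.1" 404 1523 "-" "WPScan v2.1"
198.51.100.12 - - [10/Oct/2013:14:02:10 +0000] "GET /2013/10/hello-world/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.12 - - [10/Oct/2013:14:02:11 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2013:14:10:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
"""

# One "combined" log line: ip ident user [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# /?author=N or /index.php?author=N, with author= anywhere in the query string
AUTHOR_RE = re.compile(r'^/(?:index\.php)?\?(?:.*&)?author=(?P<id>\d+)(?:&|$)')


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_author_probes(log_text, min_ids=3):
    """Flag clients that requested /?author=N for at least `min_ids` distinct IDs.

    Returns {ip: {"ids": [...], "existing": [...], "user_agents": [...]}}.
    "existing" holds the IDs that got a 301/302, i.e. the ones WordPress
    redirected to an author archive, which is what leaks the username.
    """
    per_ip = defaultdict(lambda: {"status": {}, "uas": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = AUTHOR_RE.match(rec["path"])
        if m is None:
            continue
        entry = per_ip[rec["ip"]]
        entry["status"][int(m.group("id"))] = int(rec["status"])
        entry["uas"].add(rec["ua"])

    flagged = {}
    for ip, entry in per_ip.items():
        if len(entry["status"]) < min_ids:
            continue
        flagged[ip] = {
            "ids": sorted(entry["status"]),
            "existing": sorted(i for i, s in entry["status"].items() if s in (301, 302)),
            "user_agents": sorted(entry["uas"]),
        }
    return flagged


if __name__ == "__main__":
    for ip, info in find_author_probes(SAMPLE_LOG).items():
        print(ip, "probed author IDs", info["ids"], "- existing users:", info["existing"],
              "- UA:", info["user_agents"])
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; lowering min_ids to 1 also surfaces single probes such as the last sample line, at the cost of more noise from ordinary visitors who followed an author link.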

  3. gabolonte
    Posted 1 year ago

    Wow, I was not inclined to think it was so easy to do. I think I failed in searching for this because I was missing one important keyword: Enumerate.

    Thank you for your help. I'll try one of the .htaccess-based solutions proposed out there to see if I can stop it.

Topic Closed
