Failed login using hidden author name
My client’s site has suddenly been getting multiple failed logins today using the author name of multiple user accounts. But the way I have the site set up, it doesn’t show the author name of the posts. How are they getting this information?
When I’ve done a View Source in a browser where I’m not logged into the site, the author name is not anywhere in the source code. I’ve virus-scanned my own computer and my client has done the same, with no issues.
These have come from multiple IPs, so someone has the site on their radar. But I assume if they had hacked the site, per se, they would be using the login usernames, not the author name (which I think is also called the “nice name”?).
I’ve tested the /?author=1 and /wp-json/wp/v2/users/1, and the author/user’s name is not visible there. And I’ve also got the “Prevent discovery of usernames through ‘/?author=N’ scans” option checked. And everything is up to date, including plugins and WordPress. So I’m baffled how they are getting this information.
I’ve searched through this forum but don’t see anything that addresses this issue.
It’s too close for comfort and I would like to be able to block access to this information. Thanks in advance for help with this.