Title: Hacker problem Last modified: August 31, 2021 --- # Hacker problem * [hapzfl](https://wordpress.org/support/users/hapzfl/) * (@hapzfl) * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/) * How can hackers find out the administrators login name? * I use a plug-in to stop fishing attacks by denying them access after a certain number of failed logins. However, that fails if they happen to use my administrators name. How are they able to get that name which is not used in public? * That happened several times in the past year and every time I am forced to change that name immediately after I detected that issue. The problem with such a name change is not as easy as it sounds as it requires more than one email as WP only accepts the same email once. - This topic was modified 4 years, 8 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823772) * As long as you have a good, strong password, there’s no danger in the userid being used by your admin user being known. * Since you did not publish a link to your site, I can’t see how it might be exposed, but it’s not a threat. There’s no need to change it. * [Kuldeep](https://wordpress.org/support/users/soberbanda/) * (@soberbanda) * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823844) * [@hapzfl](https://wordpress.org/support/users/hapzfl/) You can use a two step verification using google authenticator app further security. Here is how that works: * > [https://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/](https://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823868) * Moved to Fixing WordPress, this is not an Everything else WordPress topic. * > That happened several times in the past year and every time I am forced to > change that name immediately after I detected that issue. * Changing the names does not accomplish anything at all and is a game of whack- a-mole. It is not a good use of anyone’s time. * > How can hackers find out the administrators login name? * Many ways and none of it matters. User names for example like `jan`, `jdembowski`,` jan_dembowski`, `coffee_monkee` etc. have zero security. They are not supposed to. * Like Steve wrote it is the strong passwords like `j83eKAYvg.^]tq2/a3_\8s=*ApVB` or `=.#"VM%cQ?83G*-u2y'2x#&{a`or even `\Ws$PzTbEqD3d@b-aKE2,BygrqHHGHhu,3A{!n >-` that make your accounts secure. * A password manager such as LastPass or 1Password can assist you with that. For even more security you can add two factor authentication such as a time based code or a Yubikey. * [https://wordpress.org/support/article/two-step-authentication/](https://wordpress.org/support/article/two-step-authentication/) * On WordPress I use this plugin for that. * [https://wordpress.org/plugins/two-factor/](https://wordpress.org/plugins/two-factor/) * That plugin supports time based codes as well as hardware tokens such as YubiKey. * [https://en.wikipedia.org/wiki/YubiKey](https://en.wikipedia.org/wiki/YubiKey) * Using 2FA is not trivial and if you do activate it make sure you understand the implications of losing your token or YubiKey. * Thread Starter [hapzfl](https://wordpress.org/support/users/hapzfl/) * (@hapzfl) * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823919) * Thanks for all your replies but aside from protecting the login process I still would like to know how the hacker gets my admin name. * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823993) * There are a number of ways, from cycling through authors to using JSON, to just examining post meta. As you have not published a link, I can’t see which might be usable. You can google this. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Hacker problem’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 5 replies * 4 participants * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * Last activity: [4 years, 8 months ago](https://wordpress.org/support/topic/hacker-problem/#post-14823993) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics