Title: Hackers using admin login "test" Last modified: August 31, 2016 --- # Hackers using admin login "test" * Resolved [Justin](https://wordpress.org/support/users/jones417/) * (@jones417) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/) * Recently WordFence has been locking out attempted hacks using the username “test”. WordFence does a great job keeping my site safe. Why would hackers use the name“ test” instead of “admin” or the site name? * Is there a new method hackers are using to attempt to gain access. I ask because I get users locked out all the time for bad usernames. But the username “test” is a new one. Also I have been seeing this many times in the past few days on different sites and seemingly from different geo locations. * Thanks WordFence! * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 15 replies - 1 through 15 (of 21 total) 1 [2](https://wordpress.org/support/topic/hackers-using-admin-login-test/page/2/?output_format=md) [→](https://wordpress.org/support/topic/hackers-using-admin-login-test/page/2/?output_format=md) * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359656) * Some criminal somewhere on the planet found that some poor soul used the username“ test” with a weak password and got hacked, forever after, the username “test” goes on the exploit testing scripts. No more mysterious than that. Criminals try all sorts of different login user names, not just “admin,” though I’ve heard some criminals have changed their middle name to “admin” in honor of how stupid WordPress was back when it made “admin” the standard default user name. That was just plain weird, but demonstrates the deficient security culture that’s the foundation of WordPress, and why plugins such as Wordfence take weeks of time out of our lives. MTN * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359658) * P.S., just hide your login using plugin WPS Hide Login and be done with it… MTN * [wfasa](https://wordpress.org/support/users/wfasa/) * (@wfasa) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359673) * Hello jones417, when people work with their sites they may create new accounts to test with and then simply make the username “test”. It should be a fairly common occurrence. When they try to bruteforce they continuously change IP-addresses so all the attacks that look like they are coming from different places might all have been initiated by the same person or a smaller group of people. * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359688) * I have the same problem. I got 300 emails Site Lockout Notification in these three days. And I changed login area many times but nothing can stop hacker. * Could someone help us please!. * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359690) * Vin, just hide the login using plugin I mentioned above… Problem solved. * In my opinion, your 300 emails is indicative of the coming bot-apocalypse that’s going to basically shut down the internet until hosting providers and software developers get proactive rather than reactive. The number of bot attacks is exponentially increasing due to the low cost of entry. They use an enormous amount of bandwidth. How far can that go? * MTN * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359693) * I got this in every minute and IP addresses change every time. * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359695) * I tried WPS Hide Login and wp security but can’t help. * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359696) * Then go basic and put your WordPress login behind a .htaccess password or IP block that only allows your own IP. Along with that, try some country blocking if you don’t need readers from every country in the world. MTN * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359697) * I just noticed you were probably in Russia, so you can’t block one of the biggest bot sources… but you could at least block the U.S. as we are always at the top of the list for hack/bot source. That said, because bots are routed through IP numbers all over the world, it does help to block countries you don’t need reader from, no matter what. MTN * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359702) * I have just added my own IP in .htaccess but can not stop this. I have changed the URL admin login a lot of time but could not help. Is there any problem in security WP 4.5.1 or 4.5.2 that hacker can attact?. * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359703) * There is always a problem in security with WordPress and the plugin quagmire, there is no end to it. Sounds like you got hacked, if you can’t even block things using .htaccess… MTN * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359704) * Even the login is not in value user and this happened in these three days? * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359706) * In every loggin false, I got the same information like this “server_http_user_agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 _message_key user_unknown_login_failed _xmlrpc_request true”. * Can I stop the Mac Address from this? * [mountainguy2](https://wordpress.org/support/users/mountainguy2/) * (@mountainguy2) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359707) * Sorry, I don’t know, perhaps someone else will chime in. MTN * [vinhton](https://wordpress.org/support/users/vinhton/) * (@vinhton) * [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/#post-7359708) * Anyway thank you very much for your quickly help!. Good luck to you!. Viewing 15 replies - 1 through 15 (of 21 total) 1 [2](https://wordpress.org/support/topic/hackers-using-admin-login-test/page/2/?output_format=md) [→](https://wordpress.org/support/topic/hackers-using-admin-login-test/page/2/?output_format=md) The topic ‘Hackers using admin login "test"’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 21 replies * 5 participants * Last reply from: [wfasa](https://wordpress.org/support/users/wfasa/) * Last activity: [10 years ago](https://wordpress.org/support/topic/hackers-using-admin-login-test/page/2/#post-7359724) * Status: resolved