Hello everyone :)
I've been using the ThreeWP Activity Monitor plugin to see if there were attempts to log in as admin on my blog, and it allowed me to notice something I didn't expect.
I saw a dictionary attack (thousands of attempts to log in with a series of popular passwords) using my REAL admin's username.
You see, as soon as my blog was created, I created another secret admin-powered user, with a rare username, and deactivated the "admin"-username account.
This way, I thought, even with the right password, a hacker would need to know my username too.
And yet, somebody found a way to know what my actual login was.
I'm a bit confused, here, would you guys know if there's a way to know the username of the admin of a blog ?(So that I can disable it at once.)
I post my shares under my admin username, however my posts' template doesn't show my admin's username.
My blog plugins are all sound and still listed in the wordpress repository, with nobody reporting security issues with them, my template is a default one, a file-to-file binary comparison tool using folder comparison didn't find any suspicious edit in my blog files... So, what ?
So... well, I don't know. I've read the usual "help! my blog has been hacked" pages, over time I've grown experienced in matters of wordpress security (I did plenty of mistakes from which to learn, haha), but, in the present case, I fail to find where I could have been at fault...
Thanks if you've got an idea or a suggestion :)