Plugin Author
AITpro
(@aitpro)
If you are using uncommon and unique user account names and the bots are finding them then the bots are getting those user account names from your website somewhere. They must be exposed and publicly displayed either directly on the site or in the Source Code of the website.
they aren’t on our website at all. i have checked everything.
so where in the source code do we look?
Plugin Author
AITpro
(@aitpro)
Well get used to the frequency of your sites having hacking attempts made against them. Our sites are attacked 24x7x365 at a rate of somewhere around 10,000 attacks per day on an average day. Automated hacking and spamming is a constant thing these days that goes on all day, every day.
Plugin Author
AITpro
(@aitpro)
The Source Code of a website/website page can be viewed by right mouse clicking on any website page and then click “View Source” or something similar to that depending on which Browser you use.
Plugin Author
AITpro
(@aitpro)
And you can use your Browser’s Search/Find feature to search in the Source Code of any website page. What you want to search for is: author.
ok thank you so much. my tech helper is in tomorrow and i will pass this on to him and our host. then i will reply more tomorrow. so you think the plugin is set up fine, but there is something in our source code? our websites are set up with a one step install from our host so maybe i will look into that….
i just viewed the source and searched for author and can’t find anything.
would it be something in the htaccess file?
Plugin Author
AITpro
(@aitpro)
Nope, bots look at the Source Code of a website to find stuff so that is where they are getting the usernames. They may also do some surface scans, but typically the Source Code of a site is what is scanned to mine (get) data.
Plugin Author
AITpro
(@aitpro)
Or this is pretty common too: http://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/
The Bots Query the site with known Queries that expose author names/user account names. The entire process is automated since a Bot is just code that does X, Y and Z. Ie use Query X to find Y and then do Z with that data (Y).
hi again! i think i found the problem! with the WordPress Quick install that we used from our host for 15 out of the 20 websites it makes a default setting in the User setting to have the Username publicly displayed instead of the Nickname. I read it in one of the links you posted. thank you so much. So we will go in and edit all those.
Plugin Author
AITpro
(@aitpro)
Did changing the publicly displayed usernames to nicknames make a difference/work?
Thread Start Date: 1-15-2016
Current Date: 1-21-2016
yes it worked perfectly. thanks again for all your help.
Plugin Author
AITpro
(@aitpro)
Great! Glad to hear that that worked. Thanks for confirming that all is well. 🙂
