Title: Website Under Attack&#8230;
Last modified: August 30, 2016

---

# Website Under Attack…

 *  Resolved [barkins](https://wordpress.org/support/users/barkins/)
 * (@barkins)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/)
 * Thanks to WordFence I found out that hundreds of attempts have been made to log
   into my website using REAL usernames.
 * I was able to delete the existing usernames and replace them with new accounts,
   however the site is still being targeted and attempts of getting into the website
   with the old existing accounts are still being made. WordFence is blocking them
   however.
 * Is there anything else I should be doing to stop this, or just let it run its
   course?
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [barnez](https://wordpress.org/support/users/pidengmor/)
 * (@pidengmor)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500610)
 * To prevent usernames being harvested:
 * a) make sure that you create a nickname for every user, so that will be displayed
   against any posts they publish
 * b) either try some [.htaccess rules](http://wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames)
   to prevent [username enumeration](http://www.acunetix.com/blog/articles/wordpress-username-enumeration-using-http-fuzzer/)(
   basically a scan to discover the usernames of a site)
 * c) Use a [plugin solution](https://wordpress.org/plugins/stop-user-enumeration/)
   to stop the usernames being discovered
 * Them, most important of all, use and enforce/encourage strong passwords.
 * Good luck!
 *  Thread Starter [barkins](https://wordpress.org/support/users/barkins/)
 * (@barkins)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500611)
 * Thanks for the tips barnez.
 * Thankfully I already had ‘enforce strong passwords’ active.
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500632)
 * Thanks, @barnez, for weighing in!
 * Wordfence also has an option to stop a certain type of scan for author names 
   that is used fairly often. On the Wordfence Options page, look for:
    “Prevent
   discovery of usernames through ‘?/author=N’ scans”
 * Some themes leak the username as part of a class name, usually on the <body> 
   element — if you view the source of your site, you may find a page’s username
   there. It’s intended to be used for styling different authors’ pages differently.
   If any of the plugins that barnez mentioned don’t work for your particular theme,
   you might want to ask the theme author if there is a way to disable it.
 *  Thread Starter [barkins](https://wordpress.org/support/users/barkins/)
 * (@barkins)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500740)
 * Thanks WFMattR. I already had that feature checked off, making it even more disturbing
   how the account names were found out. I also don’t have the usernames listed 
   in the body class either. Quite disturbing.
 * Thankfully WordFence was installed on the site.
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500776)
 * If you can’t find the username in any pages yourself, then that a bit is unusual.
   It could be that there is another method bots are just starting to use — or they
   got the username a long time ago, before this option was created.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Website Under Attack…’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 5 replies
 * 3 participants
 * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * Last activity: [10 years, 10 months ago](https://wordpress.org/support/topic/website-under-attack/#post-6500776)
 * Status: resolved