Why hackers try “random” username?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    5 years, 5 months ago

    Hi @wpress2010 thanks for your query,

    Are you seeing the likes of these username attempts coming from a “human” source, or a “bot” in your Live Traffic page? I would suspect something like the username you mention to be an automated bot.

    It is very possible that these obscure username attempts have no logic other than an incremented string by a bot attempting a brute force attack, or they could come from a list of known plugin/site vulnerabilities in the past that have been obtained by the attacker. We mostly see attacks that don’t check if a site is vulnerable first. Trying an exploit will usually be attempted without checking a specific plugin or WordPress version and just hoping for some results.

    If you see more accurate attempts in future, /?author=1 or /wp-json/wp/v2/users/1 can in some cases be placed at the end of your site URL to see which users are making posts and edits. Wordfence > All Options > Additional Options > Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps is in place for this purpose.

    There’s some more information on usernames here: https://www.wordfence.com/help/firewall/brute-force/#prevent-username-discovery

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)

The topic ‘Why hackers try “random” username?’ is closed to new replies.