Failed login attempts


(Miroslav Glavić) #1

I had 300 something pages worth of logs.

Someone fails to log in to my site and I get an entry in the log, IP, username they attempted and date/time.

the usual admin is there.

I even had a few Admin show up as well. yes different than admin

  • mchanin
  • useradmin
  • wpupdatestream
  • asdad
  • admin_miroir
  • administrator
  • www
  • a
  • d
  • 2
  • i
  • x
  • s
  • w
  • o
  • d

Are there people out there that actually use single letter for username? or even passwords?

Most of the 300+ attemps were with admin by the way.

how long is your username and password?

I also noticed a lot of entries with just the domain. like in here/… wpchat or if the domain is whatevergoogle.com then whatevergoogle was tried.

Do you use your domain as part of your username?


(Mohammad Tajim) #2

Single letter ? No.

But domain as part of username? Sometimes, when i am installing WordPress for clients.

But I don’t use just the domain name but rather something like “thisdomainadmin” or something like that.


(Hudson Atwell) #3

It’s not relevant to the question, but all sites not hosted on wpengine (where they have automatic login limiting) I put the WordFence plugin on, which helps me add extra security and hack detection.

Our local ISP business hosting provider would setup FTP and Admin access usernames using the domain as the username. It’s not a recommended practice but it does help the older generations remember.


(Miroslav Glavić) #4

would your hosting provider let you change the username?