WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Admin Login Hack (5 posts)

  1. kschmidt430
    Member
    Posted 1 year ago #

    So, I installed the limit login plugin and I know see when people are trying to hack into my account. They are usually trying "admin" as the username which it obviously isn't, so I haven't worried about it. Today, though, they actually got the right username...so 1, how did they get it, and 2, is it possible to change my username in wp-admin? 3, if not...how can I make it more secure?

    I am a beginner at WordPress so please forgive me if I left out any information.

  2. radon1284
    Member
    Posted 1 year ago #

    in wordpress you cant change the username so
    if you want to change your username go to the your database in phpmyadmin and find this table "wp_user" where "wp_" is prefix it could be something else and find your admin user and change it there
    and this also applicable to your password.

  3. kschmidt430
    Member
    Posted 1 year ago #

    Thank you very much for your help! That definitely did it!

    How do you think they could have found out the login? Just lucky guess or is there a public file somewhere online that they were able to see?

    Thanks for your help again.

  4. bcworkz
    Member
    Posted 1 year ago #

    Unless you saw several other guesses besides admin, I don't think it was a lucky guess. Nothing in the WP installation would divulge that to the public. It only resides in the DB table. Do you use that username anywhere else, such as a forum that accepts links to personal websites? That would be an easy deduction.

    It is transmitted in plaintext when you access your site, so if you did so on a public wi-fi network, it could have been sniffed that way, but I believe your password would have been available as well unless you have SSL access to your site. A keylogger is another possibility, but again, the password would have been available as well.

    I can't really think of a way that the username alone would be discovered except by "shoulder surfing". As long as you have a strong password, knowing the username is not that useful, but I too would sleep better knowing no one knows the username as well.

  5. radon1284
    Member
    Posted 1 year ago #

    there are lot of ways to hack a wp always think that no system is truly secure and its not just the username it could be your password too. if your site has been hack most possible there is code and files inserted somewhere in your wp so check your site. maybe you can install
    a plugin that monitor your files like wordpress file monitor plus and a Exploit Scanner to scan for the malicious code in there and remove it.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags