Brute Force Firewall for WordPress: Most common username attempts

Brute Force Firewall for WordPress: Most common username attempts

One of the ways hackers try to compromise sites is via a Brute Force Login Attack. This is where attackers use repeated login attempts until they guess the right password and username combination. WordPress has a lot of plugins to help you protect your site against unwanted visitors and some of those plugins allow you to instantly block certain usernames.
So to help you block the right usernames here’s a list of usernames most often used in Brute Force Login Attacks:

Static usernames:

These usernames are most commonly used to try to login, obviously it’s not recommended to use these as one of your usernames.

admin
administrator
test
tester
testuser
test123
user
support
demo

Dynamic Usernames

Hackers also often use your sites information to try to login, in this example we use this website (papinschipper.nl).

papinschipper (domain)
papinschipper.nl (domain+extension)
admin@papinschipper.nl (admin@domain+extension)
papinschipper@papinschipper.nl (domain@domain+extension)

Like this post?

If you like this post: read this post to get a IP List Of Known WordPress Hackers