Security Question

  • dmizesr

    (@dmizesr)


    7 years ago

    I don’t know where to ask this so I’m starting here.

    I installed the Sucuri security plugin on WP. It notifies me each time there’s a failed login and I get about 20 a day. It tells me the username of the attempted login.

    I recently changed the name of the index.php in the wp-admin folder as well as changing the login name to something completely obscure. After about 24 hours I started getting security warnings again using the login name I had changed. My question is, how in the world did someone get the username? There’s no way it could’ve been guessed in less than a few thousand attempts. And also how did they figure out the new login page name? I’ve turned off indexes so no one could just list the files in the directory. So, where’s the leak?

    I’d appreciate a pointer in the right direction if this is the wrong place, and thanks in advance for the help.

    DWM

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Question’ is closed to new replies.