Admin username being discovered

  • Someone keeps discovering my admin username. I know it’s the password that really protects the account but I prefer to not keep seeing incorrect password attempts from thousands of different IP addresses.

    I have REST disabled so trying /wp-json/wp/v2/users/1 or /?author=1 doesn’t divulge the user name.

    I think I found where they are getting it from. In my footer of my Posts, there is this code snippet:

    <script>var _tmip=_tmip||[];
    _tmip.push({“tags”: {“author”: “***admin username***”}});</script>

    But I don’t know where in WordPress this might be turned off. It’s a Divi based site.

    • This topic was modified 4 years, 9 months ago by t-p. Reason: Moved to Fixing WordPress from Everything else WordPress
Viewing 1 replies (of 1 total)

  • It looks like someone has injected a javascript code in your website. I′d first look into your WordPress files or database to see if you can find that code and remove it.

    Another solution might be to create a fresh install and install manually themes, plugins and export content from old website and import it again.

Viewing 1 replies (of 1 total)
  • The topic ‘Admin username being discovered’ is closed to new replies.