Hackers using admin login "test"

Some criminal somewhere on the planet found that some poor soul used the username “test” with a weak password and got hacked, forever after, the username “test” goes on the exploit testing scripts. No more mysterious than that. Criminals try all sorts of different login user names, not just “admin,” though I’ve heard some criminals have changed their middle name to “admin” in honor of how stupid WordPress was back when it made “admin” the standard default user name. That was just plain weird, but demonstrates the deficient security culture that’s the foundation of WordPress, and why plugins such as Wordfence take weeks of time out of our lives. MTN

P.S., just hide your login using plugin WPS Hide Login and be done with it… MTN

Hello jones417,
when people work with their sites they may create new accounts to test with and then simply make the username “test”. It should be a fairly common occurrence. When they try to bruteforce they continuously change IP-addresses so all the attacks that look like they are coming from different places might all have been initiated by the same person or a smaller group of people.

I have the same problem.
I got 300 emails Site Lockout Notification in these three days.
And I changed login area many times but nothing can stop hacker.

Could someone help us please!.

Vin, just hide the login using plugin I mentioned above… Problem solved.

In my opinion, your 300 emails is indicative of the coming bot-apocalypse that’s going to basically shut down the internet until hosting providers and software developers get proactive rather than reactive. The number of bot attacks is exponentially increasing due to the low cost of entry. They use an enormous amount of bandwidth. How far can that go?

MTN

I got this in every minute and IP addresses change every time.

I tried WPS Hide Login and wp security but can’t help.

Then go basic and put your WordPress login behind a .htaccess password or IP block that only allows your own IP. Along with that, try some country blocking if you don’t need readers from every country in the world. MTN

I just noticed you were probably in Russia, so you can’t block one of the biggest bot sources… but you could at least block the U.S. as we are always at the top of the list for hack/bot source. That said, because bots are routed through IP numbers all over the world, it does help to block countries you don’t need reader from, no matter what. MTN

I have just added my own IP in .htaccess but can not stop this.
I have changed the URL admin login a lot of time but could not help.
Is there any problem in security WP 4.5.1 or 4.5.2 that hacker can attact?.

There is always a problem in security with WordPress and the plugin quagmire, there is no end to it. Sounds like you got hacked, if you can’t even block things using .htaccess… MTN

Even the login is not in value user and this happened in these three days?

In every loggin false, I got the same information like this
“server_http_user_agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
_message_key user_unknown_login_failed
_xmlrpc_request true”.

Can I stop the Mac Address from this?

Sorry, I don’t know, perhaps someone else will chime in. MTN

Anyway thank you very much for your quickly help!.
Good luck to you!.