Issue - Malicious Harvesting Of Usernames from WP
Long time no see. Hope all is well.
I have noticed that USERNAMES from WordPress installations are being harvested by malicious people and their robots. Most malicious attempts are coming from Eastern and Northern European regions.
After harvesting USERNAMES, they tried to brute force entry into WP Dashboard using those USERNAMES via the login area. I monitor this using Limit Login WP Plugins.
This issue is chronic and needs to be addressed as there are thousands of WP installations by Warriors.
What I have been doing (below) were not enough to stop the malicious harvesting of usernames :
1. All Posts and Pages do not contain poster names.
2. Visitor Registration for the sites are disabled.
3. All Users are registered manually by me via WP Dashboard
4. All WP Databases are installed manually
5. All WP Database Tables have custom prefixes and not the default WP prefix.
How do they harvest usernames and what further steps should I take to stop this?
I appreciate all ideas. Thank you.
Not sure what ecommerce solution to use? Watch my video walk through of popular shopping carts.
Cheers, John
Codeboss -- Useful Software Tailored For Your Business