[ad_1]
So my wife’s user name for logging into WP admin is a series of lower case letters and a few numbers, kind of difficult to guess I thought.
About an hour ago I had an alert from limit login attempts. I checked the logs its my wife’s user name exactly! multiple attempts, so I have renamed it but wtf. How has this happened, both Macs have an AV installed, I copied across the user name and password via Gmail. If someone had access to this then why wouldn’t they have the password…
Im using Fasthosts, they have just migrated the site last week internally. I am at a loss as to how its happened, unless its luck on the hacker/robots part.
​
any advice very welcome
​
[ad_2]
she prolly clicked the wrong email attachment recently
redirect your login url
The most likely issue is a plugin with a vulnerability. If you haven’t already, install Wordfence and run a scan. It may tell you exactly what the issue is.
It didn’t stem from using gmail to send your un/pw.
Usernames are exposed as authors. It’s easy to find these by appending the url with author parameters.
They still have to know/brute force your password, and you can add 2FA. Make it tough password and add 2FA and it’s reduces your chances of being hacked.
If you’re sure it wasn’t your wife forgetting her password(happens to lots of people) then maybe your wife’s username shows as author on posts on the website, or on other social media posts/accounts? Regardless, the good news is they don’t have your password. Change that too though.
Do you have Wordfence running or the limit login attempts plugin? The former can do more to prevent these kinds of things and keep your site more secure.