[ad_1]
Hello!
I’ve installed the Simple History plug-in and now I can see every day I get a hundred attempts to log into my WP site. I assume they’re bots because they use generic names like ‘admin’ (which doesn’t exist). What I’d like to know is 2 things:
1. They are attempting to log in using a username very similar but not exact to my username. Ex, if the real one is “web.dev.acct” they are using “web.dev-acct”. How are they able to guess this username but also be wrong?
2. They are attempting to login using random names not associated with our business. Ex “williamstone1″ or ” jannureropa”
Lastly, I’ve a very novice user, any ideas to easily implement security (plug-ins?) for these type of login attempts?
[ad_2]
Yes, login attempts are normal for all WordPress site.
​
>They are attempting to log in using a username very similar but not exact to my username. Ex, if the real one is “web.dev.acct” they are using “web.dev-acct”. How are they able to guess this username but also be wrong?
That’s odd. Usually usernames are sourced from either blog posts or /wp-json/wp/v2/users – perhaps it is/was written incorrectly at some point.
​
>They are attempting to login using random names not associated with our business. Ex “williamstone1″ or ” jannureropa”
That’s normal.
As long as you’re using strong passwords (e.g. 32 char, completely random), there’s nothing to worry about.