Here's a puzzler for the computerheads that know more about Internet skullduggery than I. I haven't engaged in skullduggery for at least 30 years so I'm kind of rusty. Lol.

So I've had an instance of Enterprise / Unlimited Wordpress installed and running on my server for a long time. My server is a Linux machine that I rent from 1and1 / ionos.

For top level administration, I disabled the default admin user and created a different user with admin privileges that I use. This account is under continuous login attack. I'm not terribly worried because the password is a long random string and I have timed lockout measures in place. It's kind of hard to try billions of possibilities when you're locked out for 20 minutes.

What puzzles me is how did they discover the username, which is also a random string? They have the right username. How was it discovered?

Any ideas? I'm really just curious.
I should perhaps remind that my original puzzle was "how did the attackers learn the username?" The username is a unique string of random characters, not used anywhere except as the username of a Wordpress user. Not an email user. Not a user anywhere else.

That's my puzzle.
Follow

@shuttersparks if it's a plain vanilla wordpress install then

HTTPS://blogname.domain/?author=n will send you to the author page for valid values of n (starting at 1)

Plugins like wordfence will block this behaviour.

Does that help explain it?

Sign in to participate in the conversation
Tŵt Cymru | Toot Wales

The independent social network for Wales, the Welsh, and everyone else! | Y rhwydwaith gymdeithasol annibynnol i Gymru. Tŵt is the social media network that puts YOU in charge. No data mining, no silly ads. Your Wales, your voice, join today! Tŵt yw’r rhwydwaith gymdeithasol sy’n rhoi rheolaeth i TI. Dim cloddio data, dim hysbysebion twp. Dy Gymru, dy lais, ymuna heddiw!