Log in ID for WP

7 replies [Last post]
Morticia's picture
Offline
Joined:
05/22/2008

So, I just logged into my WP account to do some updates on my site. I have Wordfence installed and it shows the attempted login ids that scammers have tried on my site.

An interesting note today is that the previous owner's email address was used this week.

My question is - do you randomly change your user id to prevent unauthorized logins when it seems scammers are 'doing research' to figure out the correct log in?

__________________

Never judge a person's story by the chapter you walked in on.

 

seashanty's picture
Offline
Joined:
06/02/2008

and this is why no one should play those inane games on social media or answer such questions as who remembers their first phone number, first grade teacher, best friend in high school .... (not saying you do, Morticia).

These are exactly the data mining traps that cross reference seemingly harmless answers with ID's, searching for a match. Those are the questions people answer for identification verification. 

I have friends who insist it's harmless to play along, and answer as though it shows how smart they are or some such foolishness. 

I still don't know how someone accessed and used my debit card last December. Heck, I can't hardly make high dollar purchases myself without getting a phone call from the bank! I never play those games but may have answered some silly survey years and years ago when the internet was new!  

frown

Generic's picture
Offline
Joined:
02/24/2011

Honestly, one you start using 2FA with something like Authy or Google Authenticator, they usually give up.... because the number changes every 2 minutes or so. See https://en.wikipedia.org/wiki/Multi-factor_authentication but basically, I have a rolling code with Google or Facebook that changes about every 2 minutes, and you need my phone to get it. So even with username and password, without that 6 digit code... you still can't get in.

__________________

Permission to quote in whole or in part, other than usage on this forum, is entirely forbidden.

 

Generic's picture
Offline
Joined:
02/24/2011

First, my page isn't under /admin at all, so they would have to find that. Then my username isn't evident. My password is random. And they need to answer two questions on the page, one that changes with each attempt.

I don't think I have had an attempt at logging in in a LONG time... what I see are attempts to upload files. 

Wordfence now offers 2FA, so if you have Authy or Google Authenticator, you could add that as well. I have that on my facebook, gmail and amazon accounts, so even the password isn't enough to get in.

Morticia's picture
Offline
Joined:
05/22/2008

How do you add the second level authentication? IE - the questions.

Altho, I just called to pay for my domain name and one of the questions was what was my library card #. When? 15 years ago? I searched everywhere for where I might have written down the answers. There was another one I also couldn't answer. Yeesh.

Momma Smurf's picture
Offline
Joined:
12/06/2010

Morticia wrote:

How do you add the second level authentication? IE - the questions.

We have the Google Captcha Plugin installed.  Easy.

__________________

The Truth and an Open Mind Shall Set You Free

 

Generic's picture
Offline
Joined:
02/24/2011

Wordfence does have an option for captcha. I personally didn't put this in place, I hired someone on Fivver to do it for me, after someone broke in, once. They hardened the website to the point that I don't worry about most of it anymore. If you try /admin or /admin.php it comes back as 404. Which makes it all the more difficult.. if you can't manage to find the page to log in.

PhineasSwann's picture
Offline
Joined:
09/25/2012

Most definitely. 

I rotate my password monthly, and my login ID yearly. Should I see a lot of login failures, I might change that sooner. 

I have Wordfence set up to block most overseas sites, which dramatically cuts down on the number of attempted hacks and DOS attacks. 

That said, there are evil weasels everywhere, and I'm sure they're going to get through my defenses some day. 

__________________

Darren
Innkeeper & Owner

 

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.