Log in ID for WP

shop deals on amazon
Advertise with us
Shop deals on ebay
Bed & Breakfast / Short Term Rental Host Forum

Help Support Bed & Breakfast / Short Term Rental Host Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Morticia

Morticia

Well-known member
Joined
May 22, 2008
Messages
17,771
Reaction score
685
So, I just logged into my WP account to do some updates on my site. I have Wordfence installed and it shows the attempted login ids that scammers have tried on my site.
An interesting note today is that the previous owner's email address was used this week.
My question is - do you randomly change your user id to prevent unauthorized logins when it seems scammers are 'doing research' to figure out the correct log in?
 
Most definitely.
I rotate my password monthly, and my login ID yearly. Should I see a lot of login failures, I might change that sooner.
I have Wordfence set up to block most overseas sites, which dramatically cuts down on the number of attempted hacks and DOS attacks.
That said, there are evil weasels everywhere, and I'm sure they're going to get through my defenses some day.
 
First, my page isn't under /admin at all, so they would have to find that. Then my username isn't evident. My password is random. And they need to answer two questions on the page, one that changes with each attempt.

I don't think I have had an attempt at logging in in a LONG time... what I see are attempts to upload files.

Wordfence now offers 2FA, so if you have Authy or Google Authenticator, you could add that as well. I have that on my facebook, gmail and amazon accounts, so even the password isn't enough to get in.
 
Generic said:
First, my page isn't under /admin at all, so they would have to find that. Then my username isn't evident. My password is random. And they need to answer two questions on the page, one that changes with each attempt.

I don't think I have had an attempt at logging in in a LONG time... what I see are attempts to upload files.

Wordfence now offers 2FA, so if you have Authy or Google Authenticator, you could add that as well. I have that on my facebook, gmail and amazon accounts, so even the password isn't enough to get in..
Click to expand...
How do you add the second level authentication? IE - the questions.
Altho, I just called to pay for my domain name and one of the questions was what was my library card #. When? 15 years ago? I searched everywhere for where I might have written down the answers. There was another one I also couldn't answer. Yeesh.
 
Morticia said:
Generic said:
First, my page isn't under /admin at all, so they would have to find that. Then my username isn't evident. My password is random. And they need to answer two questions on the page, one that changes with each attempt.

I don't think I have had an attempt at logging in in a LONG time... what I see are attempts to upload files.

Wordfence now offers 2FA, so if you have Authy or Google Authenticator, you could add that as well. I have that on my facebook, gmail and amazon accounts, so even the password isn't enough to get in..
Click to expand...
How do you add the second level authentication? IE - the questions.
Altho, I just called to pay for my domain name and one of the questions was what was my library card #. When? 15 years ago? I searched everywhere for where I might have written down the answers. There was another one I also couldn't answer. Yeesh.
.
Click to expand...
Wordfence does have an option for captcha. I personally didn't put this in place, I hired someone on Fivver to do it for me, after someone broke in, once. They hardened the website to the point that I don't worry about most of it anymore. If you try /admin or /admin.php it comes back as 404. Which makes it all the more difficult.. if you can't manage to find the page to log in.
 
Morticia said:
Generic said:
First, my page isn't under /admin at all, so they would have to find that. Then my username isn't evident. My password is random. And they need to answer two questions on the page, one that changes with each attempt.

I don't think I have had an attempt at logging in in a LONG time... what I see are attempts to upload files.

Wordfence now offers 2FA, so if you have Authy or Google Authenticator, you could add that as well. I have that on my facebook, gmail and amazon accounts, so even the password isn't enough to get in..
Click to expand...
How do you add the second level authentication? IE - the questions.
Altho, I just called to pay for my domain name and one of the questions was what was my library card #. When? 15 years ago? I searched everywhere for where I might have written down the answers. There was another one I also couldn't answer. Yeesh.
.
Click to expand...
Morticia said:
How do you add the second level authentication? IE - the questions.
Click to expand...
We have the Google Captcha Plugin installed. Easy.
 
and this is why no one should play those inane games on social media or answer such questions as who remembers their first phone number, first grade teacher, best friend in high school .... (not saying you do, Morticia).
These are exactly the data mining traps that cross reference seemingly harmless answers with ID's, searching for a match. Those are the questions people answer for identification verification.
I have friends who insist it's harmless to play along, and answer as though it shows how smart they are or some such foolishness.
I still don't know how someone accessed and used my debit card last December. Heck, I can't hardly make high dollar purchases myself without getting a phone call from the bank! I never play those games but may have answered some silly survey years and years ago when the internet was new!
confused_smile.gif
 
seashanty said:
and this is why no one should play those inane games on social media or answer such questions as who remembers their first phone number, first grade teacher, best friend in high school .... (not saying you do, Morticia).
These are exactly the data mining traps that cross reference seemingly harmless answers with ID's, searching for a match. Those are the questions people answer for identification verification.
I have friends who insist it's harmless to play along, and answer as though it shows how smart they are or some such foolishness.
I still don't know how someone accessed and used my debit card last December. Heck, I can't hardly make high dollar purchases myself without getting a phone call from the bank! I never play those games but may have answered some silly survey years and years ago when the internet was new!
confused_smile.gif
.
Click to expand...
Honestly, one you start using 2FA with something like Authy or Google Authenticator, they usually give up.... because the number changes every 2 minutes or so. See https://en.wikipedia.org/wiki/Multi-factor_authentication but basically, I have a rolling code with Google or Facebook that changes about every 2 minutes, and you need my phone to get it. So even with username and password, without that 6 digit code... you still can't get in.
 
Our website got hacked last year and it was down for about almost two weeks. It was through the Google Search Console, so now I have 2 step authentication with Google. My web guy added extra security after he had to totally rebuild my website.
 

Latest posts

Back
Top