[wp-hackers] Admin Login Brute Force Attacks

Otto otto at ottodestruct.com
Thu Mar 21 00:21:02 UTC 2013

On Wed, Mar 20, 2013 at 7:00 PM, Chip Bennett <chip at chipbennett.net> wrote:
> 1) I don't disable login failure messages

I don't either. No point, since clearly these brute-force attackers
are not using them in any real way. If they were, I wouldn't get
people trying to log in as "admin" when it clearly tells them "Invalid

Usernames aren't private information. People who think they should be
are missing the point or don't understand a few fundamental security


More information about the wp-hackers mailing list