[wp-hackers] Admin Login Brute Force Attacks
Otto
otto at ottodestruct.com
Thu Mar 21 00:21:02 UTC 2013
On Wed, Mar 20, 2013 at 7:00 PM, Chip Bennett <chip at chipbennett.net> wrote:
> 1) I don't disable login failure messages
I don't either. No point, since clearly these brute-force attackers
are not using them in any real way. If they were, I wouldn't get
people trying to log in as "admin" when it clearly tells them "Invalid
Username".
Usernames aren't private information. People who think they should be
are missing the point or don't understand a few fundamental security
concepts.
-Otto
More information about the wp-hackers
mailing list