WordPress stopped auto filling in the ‘admin’ username on install a while ago in version 3.7, but that doesn’t mean someone can’t fill it in that way themselves. Here’s a screenshot that shows why this is a bad idea:
I get these bruteforce notifications multiple times a day. Here’s a few other usernames they like to try:
- demo
- adm
- toor
- user
toor? What the heck is that?
Hello. Do hackers only need admin username to hack a website?
Oh Richard…