List of Usernames to Avoid When Configuring WordPress

by | Feb 11, 2014 | Security

At about 11:00 am this morning (2/10/2014) the guys over at reported a HUGE distributed brute-force hacking attack on WordPress sites around the world.  This time the traffic wasn’t just from Kyivstar, but from random ISPs and countries around the globe.

A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses many machines spread around the internet to do this to circumvent any blocking mechanisms you have in place. (From

Here is a list of usernames that were attempted across all the blogs that we control.  We highly recommend that you DO NOT use any of these usernames on your WordPress installation.  If you are using them, it’s a good time to change your WordPress login.

  • adm
  • admin
  • admin1
  • hostname
  • manager
  • qwerty
  • root
  • support
  • sysadmin
  • test
  • user

Read more about the attack at

If you were attacked with usernames not on this list, let us know in the comments below and we’ll update the post accordingly.

1 Comment

  1. Thanks for the suggestions! Really helpful!


Submit a Comment

Your email address will not be published. Required fields are marked *