Top WordPress Attack Passwords

July 13, 2014

As the creator and one of the maintainers of the SecLists Project, I like creating lists of usernames and passwords that are live and used in the wild.

So I decided to capture some data on what usernames and passwords were being attempted against my site’s WordPress install over a single day. Here are some of my findings:

The attacks are common and constant

  1. I logged 56,490 malicious attempts to log into my site over the last 7 days, with massive bursts coming from Vietnam and Ukraine.

The usernames don’t vary that much

The top usernames were:

  1. admin (90%)

  2. administrator (8%)

  3. danielmiessler.com (2%)

The passwords were quite simple

This is to be expected, but it adds gravity to the point that you should have a good password that’s not on this list:

  1. admin

  2. 123456

  3. 123123

  4. admin123"

  5. password1"

  6. abc123"

  7. 12341234"

  8. querty"

  9. pass"

  10. administrator"

Some observations

I found a few things interesting about this data.

  • Different attacks used widely different lists. In particular, a big attack out of Hanoi didn’t look anything like another attack from Ukraine.

  • Many of the passwords used closing quotes after the password.
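The analysis described above can be reproduced on your own captured login attempts. The following is an added example, not code or data from the original post: the records are constructed, and the source labels and function names are assumptions. It ranks usernames by share, strips the stray closing quote before comparing passwords, and measures how much two sources' wordlists overlap.

```python
from collections import Counter, defaultdict

# Constructed sample records: (source label, username, password).
# These are illustrative values, not the data captured by the author.
ATTEMPTS = [
    ("src-A", "admin", "admin"),
    ("src-A", "admin", '123456"'),
    ("src-A", "admin", 'admin123"'),
    ("src-A", "administrator", 'pass"'),
    ("src-B", "admin", "123123"),
    ("src-B", "admin", "123456"),
    ("src-B", "admin", 'abc123"'),
    ("src-B", "admin", "letmein"),
]

QUOTES = ('"', "\u2033", "\u201d")  # straight quote, double prime, curly close

def normalise(password):
    """Strip one trailing quote left behind by a badly parsed wordlist."""
    return password[:-1] if password[-1:] in QUOTES else password

def top(values, n=10):
    """Return [(value, percent_of_total)] for the n most common values."""
    counts = Counter(values)
    total = sum(counts.values())
    return [(v, round(100 * c / total, 1)) for v, c in counts.most_common(n)]

def wordlists_by_source(attempts):
    """Group the normalised passwords each source tried into a set."""
    lists = defaultdict(set)
    for source, _user, password in attempts:
        lists[source].add(normalise(password))
    return dict(lists)

def overlap(a, b):
    """Jaccard similarity of two wordlists: 0.0 = disjoint, 1.0 = identical."""
    return len(a & b) / len(a | b) if a | b else 0.0

def quoted_share(attempts):
    """Fraction of attempts whose password carried a trailing quote."""
    return sum(normalise(p) != p for _s, _u, p in attempts) / len(attempts)

if __name__ == "__main__":
    lists = wordlists_by_source(ATTEMPTS)
    print("usernames:", top(u for _s, u, _p in ATTEMPTS))
    print("passwords:", top(normalise(p) for _s, _u, p in ATTEMPTS))
    print("overlap A/B:", round(overlap(lists["src-A"], lists["src-B"]), 2))
    print("quoted share:", quoted_share(ATTEMPTS))
```

A low overlap score between two sources is the numeric form of the observation that different attacks used different lists.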

Takeaways

Well…don’t use simple passwords.

I’ve added the lists to the SecLists Project under the passwords section.

Thank you for reading...