As the creator and one of the maintainers of the SecLists Project, I like creating lists of usernames and passwords that are live and used in the wild.
So I decided to capture some data on what usernames and passwords were being attempted against my site’s WordPress install over a single day. Here are some of my findings:
I logged 56,490 malicious attempts to log into my site over the last 7 days, with massive bursts coming from Vietnam and Ukraine.
The top usernames were:
admin (90%)
administrator (8%)
danielmiessler.com (2%)
This is to be expected, but it adds gravity to the point that you should have a good password that’s not on this list:
admin
123456
123123
admin123"
password1"
abc123"
12341234"
querty"
pass"
administrator"
I found a few things interesting about this data.
Different attacks used widely different lists. In particular, a big attack out of Hanoi didn’t look anything like another attack from Ukraine.
Many of the passwords used closing quotes after the password.
Well…don’t use simple passwords.
I’ve added the lists to the SecLists Project under the passwords section.
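The tallies above can be reproduced from captured attempts. This is an added example, not code from the original post: the tab-separated log format, the documentation-range addresses and all function names are assumptions, and the sample lines are constructed. It strips the trailing-quote artifact before counting and compares the word lists used by two sources.

```python
from collections import Counter

# Constructed sample of captured login attempts: "ip<TAB>username<TAB>password".
# The format and the addresses (RFC 5737 documentation ranges) are assumptions.
SAMPLE_LOG = """\
203.0.113.7\tadmin\tadmin
203.0.113.7\tadmin\t123456
203.0.113.7\tadmin\t123123
198.51.100.22\tadmin\tadmin123"
198.51.100.22\tadmin\tpassword1"
198.51.100.22\tadministrator\tabc123"
198.51.100.22\tadmin\tpass"
203.0.113.7\tadmin\tadmin
198.51.100.22\tadmin\tadmin"
203.0.113.9\tdanielmiessler.com\t123456
"""

def parse(log):
    """Yield (ip, username, password) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split("\t")
        if len(parts) == 3:
            yield tuple(parts)

def normalize(password):
    """Strip one trailing double quote, the word-list artifact noted above."""
    return password[:-1] if password.endswith('"') and len(password) > 1 else password

def summarize(log):
    attempts = list(parse(log))
    users = Counter(u for _, u, _ in attempts)
    passwords = Counter(normalize(p) for _, _, p in attempts)
    quoted = sum(1 for _, _, p in attempts if p != normalize(p))
    by_ip = {}  # per-source password sets, used to compare word lists
    for ip, _, p in attempts:
        by_ip.setdefault(ip, set()).add(normalize(p))
    share = {u: round(100 * n / len(attempts)) for u, n in users.items()}
    return {"total": len(attempts), "user_share": share,
            "passwords": passwords, "quoted": quoted, "by_ip": by_ip}

def overlap(by_ip, a, b):
    """Jaccard similarity of the password sets tried by two sources."""
    union = by_ip[a] | by_ip[b]
    return len(by_ip[a] & by_ip[b]) / len(union) if union else 0.0

def is_observed(candidate, passwords):
    """True if a password you are considering was seen in the attack traffic."""
    return normalize(candidate) in passwords
```

A low `overlap` score between two sources is the numeric form of the observation that the attacks used different lists.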