As the creator and one of the maintainers of the SecLists Project, I like creating lists of usernames and passwords that are live and used in the wild.
So I decided to capture some data on what usernames and passwords were being attempted against my site’s WordPress install over a single day. Here are some of my findings:
The attacks are common and constant
I logged 56,490 malicious attempts to log into my site over the last 7 days, with massive bursts coming from Vietnam and Ukraine.
The usernames don’t vary that much
The top usernames were:
The passwords were quite simple
This is to be expected, but it adds gravity to the point that you should have a good password that’s not on this list:
I found a few things interesting about this data.
Different attacks used widely different lists. In particular, a big attack out of Hanoi didn’t look anything like another attack from Ukraine.
Many of the passwords used closing quotes after the password.
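One way to measure both observations over captured login attempts, as an added example that is not part of the original post or of SecLists: it tallies usernames and passwords, strips one trailing quote so `123456"` and `123456` count together, and scores how much two sources' lists overlap. The tab-separated record format, the `src-A`/`src-B` labels and all sample values are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample records: source label, username, password (tab-separated).
# The format and every value here are assumptions for illustration.
SAMPLE = """\
src-A\tadmin\t123456
src-A\tadmin\tpassword
src-A\tadmin\tadmin123"
src-A\ttest\t123456
src-B\tadmin\tqwerty'
src-B\tadministrator\tletmein
src-B\tadmin\t123456"
src-B\tadmin\tdragon
"""

def parse_attempts(text):
    """Yield (source, username, password) from tab-separated lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) == 3:          # skip malformed records
            yield tuple(parts)

def normalize(password):
    """Return (password without one trailing quote, whether a quote was present)."""
    if len(password) > 1 and password.endswith(("'", '"')):
        return password[:-1], True
    return password, False

def summarize(text):
    """Count usernames and normalized passwords; group passwords by source."""
    users, passwords = Counter(), Counter()
    per_source = defaultdict(set)
    quoted = 0
    for source, user, raw in parse_attempts(text):
        pw, had_quote = normalize(raw)
        quoted += had_quote          # bool adds as 0 or 1
        users[user] += 1
        passwords[pw] += 1
        per_source[source].add(pw)
    return users, passwords, per_source, quoted

def jaccard(a, b):
    """Overlap of two wordlists: 1.0 identical, 0.0 disjoint."""
    return len(a & b) / len(a | b) if a | b else 1.0

if __name__ == "__main__":
    users, passwords, per_source, quoted = summarize(SAMPLE)
    print(users.most_common(3), passwords.most_common(3), quoted)
    print(round(jaccard(per_source["src-A"], per_source["src-B"]), 2))
```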
Well…don’t use simple passwords.
I’ve added the lists to the SecLists Project under the passwords section.