Some usernames are so easy to guess, even a computer can do it. Guard your WordPress website by avoiding these obvious usernames.
On the WordPress websites that I manage I use a security plugin called WordFence. If you have a WordPress website I highly recommend installing a security plugin like Wordfence.
A handy feature of Wordfence is the recent activity box on the dashboard which shows info such as the Top 5 IPs Blocked, Top 5 Countries Blocked, and Top 5 Failed Logins.
It is the failed logins that I find interesting. Invariably the most common logins that I see listed here are “admin”, “test”, and the major part of the website URL such as “appleape” (for appleape.com).
Whenever I set up a website I make sure that none of these are valid usernames. Doing this helps to stop hackers who run automated scripts. Of course, it doesn’t take much research to find a valid username for many WordPress websites. But the automated scripts used by most hackers generally only try a few names that are obvious or easy to extract.
In addition to these security steps, make sure you are doing all you can to give hackers a hard time such as using HTTPS, using strong passwords, keeping your WordPress core, plugins, and themes up to date, and keeping thorough backups.