As the creator and one of the maintainers of the SecLists Project, I like creating lists of usernames and passwords that are live and used in the wild.

So I decided to capture some data on what usernames and passwords were being attempted against my site’s WordPress install over a single day. Here are some of my findings:

The attacks are common and constant

1. I logged 56,490 malicious attempts to log into my site over the last 7 days, with massive bursts coming from Vietnam and Ukraine.

The usernames don’t vary that much

The top usernames were:

1. admin (90%)
2. administrator (8%)
3. danielmiessler.com (2%)

The passwords were quite simple

This is to be expected, but it adds gravity to the point that you should have a good password that’s not on this list:

1. admin
2. 123456
3. 123123
4. admin123″
5. password1″
6. abc123″
7. 12341234″
8. querty”
9. pass”
10. administrator”

Some observations

I found a few things interesting about this data.

• Different attacks used widely different lists. In particular, a big attack out of Hanoi didn’t look anything like another attack from Ukraine
• Many of the passwords used closing quotes after the password

Takeaways

Well…don’t use simple passwords.

I’ve added the lists to the SecLists Project under the passwords section.