Hacking S2 Pro Clients

I have noticed a constant brute force attack on a client's website specifically using the S2 client membership list. There is no visual client list nor are the names posted in comments.

I’m wondering if anyone else is having a brute force attack login attempt using S2 member names?

Every day maybe 5000 or so. Use a security plugin like Wordfence or WP Cerber to shield my sites. Usually they try to log in with admin, domain and so on. Those I block after first try for 2 hours. Others need to give more leeway.

Even if there is no list, it is possible to check the usernames. Use a security plugin blocking the bad bots searching for usernames (SecuPress, Ninja Firewall, Wordfence…).

I have noticed this on occasion.

Recommendations:

  1. Use a security plugin like others have mentioned (I use Wordfence).

  2. For anyone with elevated access (admin/editor/etc), use a plugin like “Edit Author Slug” to change the slug of the user to something other than their username. (With this change, it makes it very difficult for someone probing the site to actually discover valuable usernames.)

Hope this helps.

~Cam
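
Added example, not part of the thread or any poster's code: a small access-log check that flags client IPs requesting pages that reveal usernames and then posting repeatedly to wp-login.php, which is the pattern the posts above describe. It assumes combined log format, treats author-ID archive requests and the REST users list as the username probes, and treats a 200 response to a login POST as a failed attempt; the thresholds and sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4021 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4021 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4021 "-" "bot"
198.51.100.4 - - [10/May/2024:10:01:00 +0000] "GET /author/editor-7f3a/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed probe patterns: author-ID archive lookups and the REST users list.
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')

def classify(log_text, enum_min=2, fail_min=3):
    """Return {ip: label} for IPs that probe for usernames and/or hammer wp-login.php."""
    counts = defaultdict(lambda: {"enum": 0, "fail": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method == "GET" and ENUM_RE.search(path):
            counts[ip]["enum"] += 1
        # Heuristic: a failed login re-renders the form (200); a success redirects (302).
        elif method == "POST" and path.startswith("/wp-login.php") and status == "200":
            counts[ip]["fail"] += 1
    flagged = {}
    for ip, c in counts.items():
        probing, guessing = c["enum"] >= enum_min, c["fail"] >= fail_min
        if probing and guessing:
            flagged[ip] = "enumeration and login attempts"
        elif probing:
            flagged[ip] = "username enumeration"
        elif guessing:
            flagged[ip] = "login burst"
    return flagged

if __name__ == "__main__":
    for ip, label in classify(SAMPLE_LOG).items():
        print(ip, label)
```

An IP flagged for both behaviours is the strongest candidate for a block rule in whichever security plugin is in use; the visitor who reaches an author page by its changed slug and logs in once is not flagged.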