[wp-hackers] Admin Login Brute Force Attacks

[Otto]

On Wed, Mar 20, 2013 at 7:00 PM, Chip Bennett <chip at chipbennett.net> wrote:
> 1) I don't disable login failure messages

I don't either. No point, since clearly these brute-force attackers
are not using them in any real way. If they were, I wouldn't get
people trying to log in as "admin" when it clearly tells them "Invalid
Username".

Usernames aren't private information. People who think they should be
are missing the point or don't understand a few fundamental security
concepts.

-Otto