I built a new site and forgot to protect against the “?author=n” technique. I had 2fa on all accounts so no hacker got access to the site’s admin.
I’ve since fixed that security issue. Is there other methods that are used to learn user names? I ask because I’m still getting attempts to login with the hacked user name. They have no success since they are 2fa accounts. I’ll change to new users shortly.
On a corollary question: Why does WordPress not assign the user number in a random method rather then serially as it is done today?
Read more here:: Are there mutiple ways to get usernames (as a hacker)