The most frequent type of attack against WordPress is a brute force attack against the login page.
Hackers will use automated software in attempt to gain access to a website by trying different combinations of usernames and passwords repeatedly, until a correct combination is found.
When usernames are displayed, the hacker’s odds of finding a correct login combination increases.
We are finding that WordPress may display usernames in numerous ways, which need not be mentioned in this article. With that, we have implemented security fixes to help prevent usernames from being seen in plain sight as well as implemented procedures to monitor and thwart brute force attacks.
You can further help us by making sure your display name is not the same as your username by updating your account profile.
Updating Your Account Profile
Change Display Name
Login to your WordPress site.
On the admin sliver, you will see a “Howdy” message at the top right.
Hover over that and you will be given the option to “Edit My Profile.”
Under the Name section, you will see your Username and additional fields for First Name, Last Name, Nickname, and Display name publicly as.
Please fill out the First and Last Name fields.
Then click the Update Profile button at the bottom of the page.
After doing so, you will be able to set your Display Name.
Go back to the Display name publicly as drop down and select your full name.
Click the Update Profile button at the bottom of the page.
Change Account Password
You may also change your password here using this profile page.
Scroll down to the About Yourself section.
You may create a new password by filling out the New Password and Repeat New Password fields.
Click the Update Profile button at the bottom of the page when done.
Your new password must abide by the password constraints that is described in the note seen beneath the fields. We apologize for imposing such complex passwords, but the most common breach is through weak passwords. Better safe than sorry!