after installing the Plugin and activating Block user enumeration i found expected entries:
Oct 12 03:36:23 wordpress(domain): Blocked user enumeration attempt from 22.214.171.124
Oct 12 05:34:23 guenter wordpress(domain): Blocked username authentication attempt for uxf65gg46l4 from 126.96.36.199
so ich changed user_login and user_nicename in the Database.
Some days later the new Name was in the log.
So i changed again, but this time with Prefix USERLOGIN / NICENAME
The Nicename was soon in the log:
Oct 12 00:32:08 wordpress(domain): Blocked username authentication attempt for NICENAMEuxf65gg46l4t from 188.8.131.52
Userlogin only for successfull logins:
Oct 12 07:34:48 wordpress(domain): Accepted password for USERLOGINuxF65Gg46L4 from 184.108.40.206
Don’t found where the User Nicename is leaked. If it’s only on my page it may be the Theme (Frontline is a theme run on Elementor Page Builder Plugin)
It’s not so bad, as the username login is blocked and i get attackers via fail2ban
And thanks for the Plugin