Feeding yourself: Revealing the top 25 worst administrator account names for WordPress websites in 2025¶
Original link: https://www.itylq.com/2025-the-worst-wpaccounts.html
Release date: 2025-12-10 Migration time: 2026-03-21
Recently, I have been checking my circle of friends to see if someone has begun to post year-end summaries one after another. My friend, my dear treasure, I have not left out any of the rituals that should be performed. Today I will take you to see this little website to collect the most authentic website explosion failure records from the Internet throughout 2025, and the names of the top 25 worst administrator accounts for WordPress websites in 2025.
1 Data source¶
From Login Lockdown, the website breaking statistics plug-in, there are 28,427 records throughout the year. Sigh, the Internet is really busy. I don’t know how many night owls or automatic programs are scanning and testing day and night~
2 Data Analysis¶
Fortunately, the interception records of Login Lockdown are stored directly in the MySQL database, which makes data analysis simpler and faster. Pick up the half-baked MySQL query command and simply query:
SELECT failed_user,COUNT(*) AS times
FROM it_login_fails
WHERE failed_user IS NOT NULL
GROUP BY failed_user
ORDER BY times DESC,failed_user ASC
LIMIT 30;
The query results are shown in Figure 2 below.
3 Top 25 Worst Admin Accounts of 2025¶
After manually removing some interference items for specific tools and some meaningless strings, the remaining top 25 administrator accounts are as follows:
| Administrator account name | Number of collisions | Proportion | Description |
|---|---|---|---|
| itylq | 22342 | 78.59% | No suffix domain name |
| admin | 2601 | 9.15% | Administrator account |
| test | 125 | 0.44% | test |
| admin@wordpress.com | 121 | 0.43% | admin+wordpress |
| administrator1@wordpress.com | 78 | 0.27% | administrator+wordpress |
| root | 76 | 0.27% | Administrator account |
| itylqcom | 51 | 0.18% | domain name |
| wadminw | 42 | 0.15% | Administrator account variant |
| admin@itylq.com | 38 | 0.13% | Administrator domain name |
| demo | 36 | 0.13% | |
| adminroot | 33 | 0.12% | Administrator account variant |
| admin2 | 30 | 0.11% | Administrator account variant |
| itylq.com | 30 | 0.11% | domain name |
| user | 29 | 0.10% | |
| admin1 | 27 | 0.09% | Administrator account variant |
| admin123 | 26 | 0.09% | Administrator account variant |
| administrator | 26 | 0.09% | Administrator account |
| wwwadmin | 24 | 0.08% | |
| testuser | 23 | 0.08% | |
| test1 | 21 | 0.07% | |
| username | 21 | 0.07% | |
| itylq@itylq.com | 17 | 0.06% | Domain name |
| webuser | 16 | 0.06% | |
| info@itylq.com | 15 | 0.05% | Domain name |
| 123 | 14 | 0.05% |
It can be seen that in addition to the regular admin, root and their derived default administrator accounts, domain names, domain name mailboxes or other combinations containing domain names are increasingly becoming targets of exploratory attacks. In addition, some test demonstration accounts and their derivatives, or accounts with designated purposes such as editor, webuser, etc., are easy to forget to close manually after the test demonstration is completed, leaving opportunities for malicious people to take advantage of them.
The above is the top 25 worst administrator account names for WordPress websites in 2025 based on the real Internet data recorded by this website. If you also use the same or similar account above for daily website management, please remember to modify it in time.
This article was moved from WordPress to MkDocs