Hack attempt using “test” as user name

I’m loving iThemes Security. One of your settings is to immediately block any attempts to use “admin” as a user name, and that is one of my favs. Would you be able to also add “test” to that function?

What i have noticed over the past year and a half or so (before switching to iThemes) is that a new system to attack a site has emerged. The hacker will do the first attempt with test as the user name, possibly injecting some sort of code in the attempt, and then the very next attempt will be with a legitimate user name. No guessing, and not a nickname (and i set all sites to use and display the nickname). At the time, I was using just a limit login attempts plug-in, so i would notice one attempt with test from one host and immediately the remaining attempts before lock out would have been with a listed user name. They would also get users that haven’t published any articles or even commented on any posts. Then they would change hosts and try again, always using test first and then limiting out with a legitimate user name. This would continue until all user names were attempted and then all activity would cease.

Maybe this isn’t new, and maybe they could use the same method with a different user name, but the use of test has been used so much that I wonder if it has become a new tool that should be blocked just like admin.

Just a thought.

Thanks,
mikeyjr