No User Enumeration
In many WordPress installations is possible enumerate usernames through the author archives, using urls like this:
http://wpsite/?author=1
http://wpsite/?author=1/
http://wpsite/?bypass=1&author%00=1
http://wpsite/?author%00=%001
http://wpsite/?%61uthor=1
And recently wordpress since 4.7 comes with a rest api integrated that allow list users:
curl -s http://wpsite/wp-json/wp/v2/users/
curl -s http://wpsite/?rest_route=/wp/v2/users
curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users
Know the username of a administrator is the half battle, now an attacker only need guest the password.
This plugin stop it.
Also, is possible get usernames from the post entries.
This plugin, hide the name of the author in a post entry if he is not using a nickname.
Also, hide the url page link of an administrator author.
The main goal is hide the administrators usernames.
Obviously, is better not choose “admin” as the username because is easiliy guessable.
Details
Related plugins
Plugins that also contain the tag security
Wordfence Security – Firewall, Malware Scan, and Login Security
Hostinger Tools
Jetpack – WP Security, Backup, Speed, & Growth
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
Security Optimizer – The All-In-One Protection Plugin
Safe SVG
About
Plugin for that tries to help you find the WordPress plugin you are looking for.
| Please enjoy an image of Crush (this awesome turtle) and have a lovely day! |  |
We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.