Stop User Enumeration in WordPress

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »

Welcome

Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »

GA Pro: Add Google Analytics to WordPress like a pro.

Thoughts

Plugin updates! All of our free and pro plugins ready for WordPress 6.2.

Daylight savings is a complete waste of time and needs to be eliminated.

Got a couple of snow days here in mid-March. Fortunately it's not sticking.

I handle all email in real time as it comes in, perpetually clear inbox for years now.

Added some nice features to Wutsearch search engine launchpad. Now 21 engines!

.wp TLD plz :)

Nice collection of free SEO APIs and user-agent lookups for Googlebot, Bingbot, Applebot, YandexBot, and more.

+ More thoughts »

Topics

Find me on the social medias

Around the site

WordPress help

Wizard’s SQL Recipes (eBook)
The Tao of WordPress (eBook)
Digging Into WordPress (eBook)
Develop WordPress themes (eBook)
Develop WordPress plugins (video tutorials)
WordPress on shared hosting (video tutorials)

Favorite projects