Stop User Enumeration in WordPress

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds. Continue reading »

Welcome

Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »

USP Pro: Unlimited front-end forms for user-submitted posts and more.

Thoughts

All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates ~~in the works~~ also complete :)

99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.

RIP ICQ

Crazy that we’re almost halfway thru 2024.

I live right next door to the absolute loudest car in town. And the owner loves to drive it.

8G Firewall now out of beta testing, ready for use on production sites.

It's all about that ad revenue baby.

+ More thoughts »

Topics

Find me on the social medias

Around the site

WordPress help

Wizard’s SQL Recipes (eBook)
The Tao of WordPress (eBook)
Digging Into WordPress (eBook)
Develop WordPress themes (eBook)
WordPress on shared hosting (video tutorials)

Favorite projects