
?author=1... 2... 3... how to stop it? (4 posts)

  1. Gabrielcik
    Member
    Posted 1 year ago #

    Hi,

    I would like to prevent people from looking up my username by typing
    http://www.example.com/?author=1 (or 2, 3, 4, 5... until they get my user id)

    How to block it?

    Thanks!

    P.S.
    In Hardening WordPress they say to change your admin user by creating a new one... but afterwards it is so easy for a "hacker" to find it by using ?author= ....

    Any help? I tried to put in a redirect function (if ( is_author() ) { etc...) but this doesn't hide my user id in the address bar of the browser...

  2. ClaytonJames
    Member
    Posted 1 year ago #

    I don't think it's possible. Lots of discussions about it though. Here's a quick one I picked off of Google.

    wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames

  3. Gabrielcik
    Member
    Posted 1 year ago #

    Hi,

    I found these solutions:

    First solution:

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ http://www.wordpressexample.com/some-real-dir/ [L,R=301]

    source: http://www.question-defense.com/2012/03/20/block-wordpress-user-enumeration-secure-wordpress-against-hacking

    But I have trouble with the redirect... it always includes the /?author=1 string... so if I specify my home page it generates an infinite redirect!

    Second solution:
    Specify a redirect 301 in the .htaccess, e.g.: /author/name /
    It works, but the redirect is not instantaneous and it shows the URL before redirecting...

    Third solution:
    Use RewriteRule to make a redirect,
    but I'm not sure how to write it... I tried something like:
    RewriteRule /author/name /

  4. joe.toomey
    Member
    Posted 1 year ago #

    The solution you found on question-defense should work, but the RewriteRule is missing a character to remove the query string from the rewritten URL. This should work (note the additional '?' at the end of the rewritten URL):

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ http://www.wordpressexample.com/some-real-dir/? [L,R=301]
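
Added example, not part of the thread or of any poster's code: a small Python model of the two RewriteCond lines and the RewriteRule above, showing why a redirect to the home page loops when the query string is carried over and why the trailing '?' stops it. The example.com URLs and the function names are constructed for illustration; the model assumes only mod_rewrite's documented behaviour of passing the original query string through unless the substitution contains a '?'.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the thread's RewriteCond lines.
URI_COND = re.compile(r"^/$")
QS_COND = re.compile(r"^/?author=([0-9]*)")

def redirect(url, substitution):
    """Model one pass of the thread's rule; return the Location URL or None.

    The original query string is carried over unless the substitution
    itself contains a '?'; a bare trailing '?' yields an empty query string.
    """
    parts = urlsplit(url)
    if not (URI_COND.search(parts.path or "/") and QS_COND.search(parts.query)):
        return None  # conditions not met: the request is served normally
    if "?" in substitution:
        target, _, new_query = substitution.partition("?")
        return target + ("?" + new_query if new_query else "")
    return substitution + ("?" + parts.query if parts.query else "")

def follow(url, substitution, max_hops=5):
    """Follow redirects as a browser would; return (final_url, hops, looped)."""
    hops = 0
    while hops < max_hops:
        nxt = redirect(url, substitution)
        if nxt is None:
            return url, hops, False
        url, hops = nxt, hops + 1
    return url, hops, True  # gave up: the rule keeps matching its own target

HOME = "http://www.example.com/"   # constructed site root
PROBE = HOME + "?author=1"         # request form from the first post

if __name__ == "__main__":
    for label, sub in (("original rule", HOME), ("with trailing '?'", HOME + "?")):
        final_url, hops, looped = follow(PROBE, sub)
        print(f"{label}: final={final_url} hops={hops} looped={looped}")
```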

Topic Closed

This topic has been closed to new replies.
