Ready to get started?Download WordPress

Plugin Reviews

Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

8 reviews
Average Rating
4 stars
4.6 out of 5 stars
5 stars
[Fixed] It can be bypassed
By , for WP 3.9.2

WPScan contains a script called stop_user_enumeration_bypass.rb which is able to bypass this plugin.

root@nullbyte:~/wpscan# ./stop_user_enumeration_bypass.rb http://www.website.tld
Usernames found:
| Id | Login | Name |
| 2 | xxxxxx | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx |

Perhaps it's a good idea for the author of this plugin to study the bypass script in order to make this work again. For now, anyone using this plugin, user enumeration is possible.

I suggest to do one of the following:

1. Restrict access to /wp-admin by means of IP restriction.
2. Restrict access to /wp-admin by means of BASIC authentication
3. Implement two factor authentication (Authy, Google)


5 stars
Works fine
By , for WP 3.9

Light plugin that does the job o/

5 stars
By , for WP 3.9.1

I like it.

5 stars
one less worry :)
By , for WP 3.8

A must install and easy to use plugin!

5 stars
It works, that's enough!
By , for WP 3.7.1

Well done.

5 stars
simple but works very well
By , for WP 3.7.1

i like simple, no frills but working plugins like this :-)

5 stars
It just works. Brilliant!
By , for WP 3.7.1

Installed it on my own site. Ran WP-Scan, which came up totally empty.

It works, and it's easy enough to use that it will be recommended to all my clients.

5 stars
Blocks hackers from username enumeration vulnerability
By , for WP 3.6

Yesterday I discovered the username enumeration vulnerability, and today this plugin stopped it!


You must log in to submit a review. You can also log in or register using the form near the top of this page.