
Plugin Reviews

Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

8 reviews
Average Rating: 4.6 out of 5 stars
5 stars
[Fixed] It can be bypassed
By , for WP 3.9.2

WPScan contains a script called stop_user_enumeration_bypass.rb which is able to bypass this plugin.

root@nullbyte:~/wpscan# ./stop_user_enumeration_bypass.rb http://www.website.tld
Usernames found:
+----+--------+-------------------------------+
| Id | Login  | Name                          |
+----+--------+-------------------------------+
| 2 | xxxxxx | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+----+--------+-------------------------------+
root@nullbyte:~/wpscan#

Perhaps it's a good idea for the author of this plugin to study the bypass script in order to make this work again. For now, for anyone using this plugin, user enumeration is possible.

I suggest doing one of the following:

1. Restrict access to /wp-admin by means of IP restriction.
2. Restrict access to /wp-admin by means of BASIC authentication.
3. Implement two-factor authentication (Authy, Google).

Cheers,
Jeroen

5 stars
Works fine
By , for WP 3.9

Light plugin that does the job o/

5 stars
Excellent!
By , for WP 3.9.1

I like it.

5 stars
one less worry :)
By , for WP 3.8

A must install and easy to use plugin!

5 stars
It works, that's enough!
By , for WP 3.7.1

Well done.

5 stars
simple but works very well
By , for WP 3.7.1

I like simple, no-frills but working plugins like this :-)

5 stars
It just works. Brilliant!
By , for WP 3.7.1

Installed it on my own site. Ran WP-Scan, which came up totally empty.

It works, and it's easy enough to use that it will be recommended to all my clients.

5 stars
Blocks hackers from username enumeration vulnerability
By , for WP 3.6

Yesterday I discovered the username enumeration vulnerability, and today this plugin stopped it!

http://llocally.com/blog/2013/08/19/what-is-your-login-username-to-your-wordpress-website/
