Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

Are there any settings?

Yes, but the default ones are fine for most cases.

Will it work on Multisite?

Yes

Why don't I just block with .htaccess?

A .htaccess solution may suffice, but most published ones do not cover POST blocking or REST API blocking while still allowing admin users access.

Does it break anything?

If a comment is left by someone just giving a number, that comment would be forbidden, as it is assumed to be a hack attempt, but the plugin has a bit of code that strips out numbers from comment author names.
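
The following Python is an added example, not the plugin's own code: it classifies requests along the lines the two answers above describe (GET and POST parameters, the REST API, an admin exemption) and shows the numeric comment-author false positive. The numeric `author` parameter check, the REST users path, the `is_admin` flag and all sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed request shapes (not taken from the plugin): a purely numeric
# "author" parameter, and the WordPress REST users collection.
REST_USERS = "/wp-json/wp/v2/users"

def enumeration_reason(method, url, body="", is_admin=False):
    """Return why a request looks like user enumeration, or None."""
    if is_admin:  # hypothetical flag: logged-in admins keep access
        return None
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    if method == "POST":  # form bodies, which URL-only rules never see
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)
    if any(v.strip().isdigit() for v in params.get("author", [])):
        return "numeric author parameter"
    # The REST API is reachable by path or by the rest_route parameter.
    route = "/wp-json" + params.get("rest_route", [""])[0]
    if parts.path.startswith(REST_USERS) or route.startswith(REST_USERS):
        return "REST users endpoint"
    return None

# Constructed sample requests: (method, url, body, is_admin)
SAMPLES = [
    ("GET", "/?author=1", "", False),
    ("POST", "/", "author=2", False),
    ("GET", "/wp-json/wp/v2/users", "", False),
    ("GET", "/?rest_route=/wp/v2/users", "", False),
    ("GET", "/wp-json/wp/v2/users", "", True),
    # A commenter whose name is only digits trips the same check.
    ("POST", "/wp-comments-post.php", "author=12345&comment=hi", False),
    ("POST", "/wp-comments-post.php", "author=Jane+Doe&comment=hi", False),
    ("GET", "/?author=jane", "", False),
]

def classify_samples():
    """Classify every constructed sample, in order."""
    return [enumeration_reason(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, reason in zip(SAMPLES, classify_samples()):
        print(sample[0], sample[1], sample[2] or "-", "=>", reason or "allowed")
```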

Do I need fail2ban for this to work?

No, but fail2ban will allow you to block IP addresses at your VPS firewall that attempt user enumeration.

What do I do with the fail2ban file?

You only need this if you are using Fail2Ban. Place the file wordpress-userenum.conf in your fail2ban installation's filter.d directory. Edit your jail.local to include lines like:

[wordpress-userenum]
enabled = true
filter = wordpress-userenum
action   = iptables-allports[name=WORDPRESS-USERENUM]
           sendmail-whois-lines[name=WORDPRESS-USERENUM, dest=youremail@yourdomain, logpath=/var/log/messages]
logpath = /var/log/messages
maxretry = 1
findtime = 600
bantime = 2500000

Adjust these to your own requirements.

Requires: 3.4 or higher
Compatible up to: 4.7.3
Last Updated: 2 months ago
Active Installs: 10,000+

Ratings

4.7 out of 5 stars
