User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.
Yes, but the default ones are fine for most cases
A .htaccess solution may suffice, but most published do not cover POST blocking, REST API blocking and still allow admin users access.
If a comment is left by someone just giving a number that comment would be forbidden, as it is assume a hack attempt, but the plugin has a bit of code that strips out numbers from comment author names
No, but fail2ban will allow you to block IP addresses at your VPS firewall that attempt user enumeration. = What do I do with the fail2ban file?= You only need this if you are using Fail2Ban. Place the file wordpress-userenum.conf in your fail2ban installation's filter.d directory. edit your jail.local to include lines like
[wordpress-userenum] enabled = true filter = wordpress-userenumaction = iptables-allports[name=WORDPRESS-USERENUM] sendmail-whois-lines[name=WORDPRESS-USERENUM, dest=youremail@yourdomain, logpath=/var/log/messages] logpath = /var/log/messages maxretry = 1 findtime = 600 bantime = 2500000
Adjusted to your own requirements.
Requires: 3.4 or higher
Compatible up to: 4.7.3
Last Updated: 2 months ago
Active Installs: 10,000+
Got something to say? Need help?