I think this is a wordpress issue and not wordfence. I have the same issue on my site alexanderhiggins.com.
I’ve read you can 301 you author/username to a 503 page but they can still get your user if they wanted to.
If anyone else knows something more that would be great.
Thread Starter
sacredpath
(@sacredpath)
Automattic Happiness Engineer
I have several sites, all with the same version of WP and WF, and this is the only one doing it. I’ve deleted the plugin (and DB entries) and reinstalled, but still the same issue. The other sites are using different themes. Might have to try something other than 2015/2014 and see if that makes a difference.
Thread Starter
sacredpath
(@sacredpath)
Automattic Happiness Engineer
I just tested my site and in addition to the above, it is showing the username when I do /?author=1
Then likely your theme is using a different variables for the author name and this screws up the prevention of finding it. This is a problem with several professional themes, or so it has been reported to us. You might try changing themes long enough to test.
tim
Thread Starter
sacredpath
(@sacredpath)
Automattic Happiness Engineer
Hi Tim, I’m using Twenty Fifteen right now. I’ve fixed the issue by editing the database and changing the nicename to something other than my username, and also changed my username while in there as Wordfence had reported a lot of brute force attempts with my actual username.
Ah. I assumed you had already done that. That one got me a few years back and I started mandating all my users use different values for the username and displayname. The problem went away after I did that.
tim
Thread Starter
sacredpath
(@sacredpath)
Automattic Happiness Engineer
I’ve not had to do that on any other sites I’m using WordFence on, and some of those sites are running 2015 also, so I didn’t think about. After playing around with things, I took the “big hammer” route. 🙂