Support » Plugin: Shield Security: Protection with Smarter Automation » Allows fishing for the user name

  • nicoter

    (@nicoter)


    Very confusing and illogically structured.

    Furthermore it does not even block the following type of queries for the user name:

    https://yourwebsite.com/wp-json/wp/v2/users/1

Viewing 1 replies (of 1 total)
  • Plugin Author Paul

    (@paultgoodchild)

    There’s an option in there to block this, but to enable this by default would break other popular plugins.

    For anyone reading this, this is a huge plugin with many options and features, and for some, this can be a little overwhelming.

    If you’re confused by anything, we have extensive documentation and friendly support so you can reach out to us at any time.

    This “reviewer” unfortunately didn’t either look up documentation or contact us before leaving these comments.

    Also, further information for those who’d like to understand this better: user enumeration (where you can get usernames by putting in URLs like that above is not a security vulnerability). If you’re told otherwise, you’re being misinformed or marketed to. Far better to actually better secure your WordPress login processes – which Shield does entirely for free.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this review.