WordPress.org

Forums

Stop User Enumeration
[resolved] Can see username by hovering over "Posted by" link (4 posts)

  1. @wealthcop
    Member
    Posted 11 months ago #

    I just installed the plugin at http://wealthmanagementnewsletter.com/ and if you hover over Posted by Admin, you can see the real user name.

    https://wordpress.org/plugins/stop-user-enumeration/

  2. Badlywired
    Member
    Plugin Author

    Posted 11 months ago #

    Hi,

    This plugin just tries to stop a specific technique of user enumeration, i.e. adding to the URL ?author=<n>, where n is a number, to return the user name. This technique is used by several automated hacking tools.

    Unfortunately it doesn't attempt to stop all displays of user IDs revealed by themes; I'm not even sure if there is a way of achieving this without changing WordPress core.

  3. @wealthcop
    Member
    Posted 11 months ago #

    Many thanks for the information.

    For additional security, I guess best practice is to

    1. Create editor level user for posting articles, and not use admin level user to do that.

    2. Use 2-factor authentication such as the Wordfence plugin.

    T.

  4. Badlywired
    Member
    Plugin Author

    Posted 9 months ago #

    Hi, 100% correct there.

    This is just one part of many things to do in 'hardening' a WordPress website, and there are several top-notch security plugins out there that help (my favorite is WordFence).
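
A defender-side check for the `?author=<n>` probing described in the thread, as an added example (not code from the plugin or from either poster): it scans web server access logs and reports clients that requested several distinct numeric author IDs. The Combined Log Format, the threshold of three IDs and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def author_probe_id(target):
    """Return the numeric ID from ?author=<n> in a request target, else None."""
    # parse_qs percent-decodes values, so author=%31 is seen as author=1.
    for value in parse_qs(urlsplit(target).query).get("author", []):
        if re.fullmatch(r"[0-9]+", value.strip()):
            return int(value)
    return None

def find_author_enumeration(lines, min_ids=3):
    """Map client IP -> sorted distinct author IDs requested, for clients
    that asked for at least min_ids different ?author=<n> values."""
    seen = defaultdict(set)
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # ignore lines that are not in the expected format
        author_id = author_probe_id(match.group("target"))
        if author_id is not None:
            seen[match.group("ip")].add(author_id)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_ids}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0',
    '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET /?author=2 HTTP/1.1" 301 0',
    '203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET /index.php?author=3 HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET /?cat=9&author=%34 HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2015:13:55:38 +0000] "GET /?author=2 HTTP/1.1" 301 0',
    '198.51.100.20 - - [10/Oct/2015:14:02:11 +0000] "GET /?author=2 HTTP/1.1" 301 0',
    '198.51.100.20 - - [10/Oct/2015:14:02:40 +0000] "GET /?author=admin HTTP/1.1" 200 512',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, ids in find_author_enumeration(SAMPLE_LOG).items():
        print(f"{ip} probed author IDs {ids}")
```

A visitor following a single author link stays below the threshold, while a client walking through consecutive IDs is reported.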
