Stop User Enumeration
[resolved] Can see username by hovering over "Posted by" link (4 posts)

  1. @wealthcop
    Posted 1 year ago #

    I just installed the plugin at http://wealthmanagementnewsletter.com/ and if you hover over Posted by Admin, you can see the real user name.


  2. Badlywired
    Plugin Author

    Posted 1 year ago #


    This plugin just tries to stop a specific technique of user enumeration, i.e. adding to the URL ?author=<n> where n is a number to return the user name. This technique is used by several automated hacking tools.

    Unfortunately it doesn't attempt to stop all displays of user IDs revealed by themes; I'm not even sure if there is a way of achieving this without changing WordPress core.

  3. @wealthcop
    Posted 1 year ago #

    Many thanks for the information.

    For additional security, I guess best practice is to

    1. Create editor level user for posting articles, and not use admin level user to do that.

    2. Use 2-factor authentication such as the Wordfence plugin.


  4. Badlywired
    Plugin Author

    Posted 1 year ago #

    Hi, 100% correct there.

    This is just one part of many things to do in 'hardening' a WordPress website, and there are several top notch security plugins out there that help (my favorite is Wordfence).

Topic Closed

This topic has been closed to new replies.
