From what I’m gathering from your question, you’re essentially looking to block robots from scanning your site for user info by spamming author URLs. Is this correct? If so, here are two options for you to consider:
1. iThemes Security Plugin https://wordpress.org/plugins/better-wp-security/ (recommended)
Along with a bevy of additional security features, this plugin features an option which will block author pages from being served from your website. This rule isn’t absolute, however; If the author in the query actually has content on the site, then the page will display the typical expected output. The plugin only prevents reads on authors who have _no content_ attributed to them on the site. I’m guessing this is what you might be looking for.
To apply this solution:
1. Install the plugin from https://wordpress.org/plugins/better-wp-security
2. Activate the plugin
3. Proceed to (from the Admin dashboard) Security -> Settings
4. Scroll down to the bottom of the page and click on the Disable Extra User Archives checkbox
5. Click on the “Save All Changes” button at the bottom of the page
6. Test
I tested this out on my local installation, which is on WP 4.5, and it worked as described.
2. .htaccess
This option is a bit more atomic: If the request contains the phrase ‘author=X’ in the query string (where X is a user ID), the site will serve up a 403 (forbidden) response. This will ensure that any requests invoking an author are soundly rejected, every time.
To apply this solution:
1. Open up the .htaccess file, located in your site’s root directory
2. Add the following to the bottom of the file:
# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans
3. Save the file
4. Test
Like the first solution, testing proved this solution as valid (at least for me)
I got this solution from wpbeginner – you can find the full post here if you want more information: http://www.wpbeginner.com/wp-tutorials/how-to-discourage-brute-force-by-blocking-author-scans-in-wordpress/
Please drop a line and let us know if I’m answering the right question, and if the solution worked for you.
