Support » Plugin: Stop User Enumeration » Plugin breaks REST API even when disabled

  • Resolved apiosys


    This plugin looked very promising to me since I don’t like “enumerating” user details which I consider a data leak. I tried it on a test site and indeed a query like /wp-json/wp/v2/users/1 will now properly not show user details when not logged in. But when checking the sanity report that was introduced in 5.2 I am now getting erros on cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received and a warning on wp_version_check(). So not so good then. I disabled the plugin, issue remains. I deleted the plugin, issue remains. I restored the whole site and db and the issue still remains… I don’t understand what traces it can leave to leave the REST API broek like that ? Doesn’t make sense to me… Any special things to take care off to completely remove all traces ?

    Kind regards,


Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author fullworks


    I’m sorry you are having difficulties, however the code is very straight forward and if you have disabled the plugin it does not operate, and if you have deleted there is nothing to operate.

    The CURL error sounds like an issue with your test environment.

    I can’t really be much more helpful, but if you would like to package up your test site and DB and send it to me I will happily take a look.

    Thread Starter apiosys


    Of course you are right, throwing out the plugin should not leave any traces. I probably updated to many stuff at once incl. update to 5.2. Went through the classic check of disabling all other plugins and enabling them one by one and found out that “WP Simple Paypal Shopping cart” was the culprit. As soon as I get rid of that one the site health report is clean again… Sorry for bothering here with that. I have added your plugin also back in and the site report remains clean (and no more usernames are leaked). Many thanks. Joris.

    Plugin Author fullworks


    I am really glad you have sorted it out.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin breaks REST API even when disabled’ is closed to new replies.