Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall » Protect against username enumeration

  • Resolved dimalifragis



    Does “Protect against username enumeration” mean to stop the “?author=number” attempts? Or is it something else?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet


    Yes, it prevents the “?author=number” query, among other tricks used by hackers to enumerate users.

    Thread Starter dimalifragis


    Ok, then it doesn’t seem to work right. At least for me.

    I had to use .htaccess mod_rewrite to block it.

    Also some probes use double // (//?author=number) and this is ALSO not protected.

    Plugin Author nintechnet


    Did you enable the “Through the author archives” policy?
    It doesn’t block the request, but invalidates it and redirects to the home page with a 302 HTTP code.

    If you add slashes, it will be redirected too (NF deobfuscates the payload):

    $ curl -I ''
    HTTP/1.1 302 Found
    Server: nginx/1.18.0
    Date: Wed, 28 Apr 2021 04:57:08 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Redirect-By: WordPress
    • This reply was modified 3 months, 1 week ago by nintechnet.
    Thread Starter dimalifragis


    Yes, I did enable what you suggest.

    For me it doesn’t work, it shows the users names/paths.

    I saw those in the web server logs. Anyway, I will figure it out at some point.
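
Added example, not part of the thread and not NinjaFirewall code: a check over web server access logs for the `?author=number` probes discussed above, including the `//?author=` variant, reporting how the server answered each one. The log lines are constructed samples, and the status-to-outcome mapping is an assumption (302 as the redirect the plugin author describes, 403 as a block such as an .htaccess rule, 301/200 as responses to check by hand, since the access log does not record where a redirect points).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2021:04:57:08 +0000] "GET /?author=1 HTTP/1.1" 302 0 "-" "curl/7.68.0"
203.0.113.7 - - [28/Apr/2021:04:57:09 +0000] "GET //?author=2 HTTP/1.1" 301 0 "-" "curl/7.68.0"
203.0.113.7 - - [28/Apr/2021:04:57:10 +0000] "GET /index.php?author=3 HTTP/1.1" 403 199 "-" "curl/7.68.0"
198.51.100.4 - - [28/Apr/2021:05:01:00 +0000] "GET /?s=author HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Apr/2021:05:02:00 +0000] "GET /?author=%31 HTTP/1.1" 200 8301 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

# Assumed meaning of each status for an author probe (heuristic, verify by hand).
OUTCOME = {"302": "redirected", "403": "blocked",
           "301": "possible-leak", "200": "possible-leak"}


def author_probe(target):
    """Return the probed author ID, or None if the request is not an author probe."""
    # Collapse leading slashes so "//?author=2" is parsed like "/?author=2".
    query = urlsplit(re.sub(r"^/+", "/", target)).query
    # parse_qs percent-decodes values, so "author=%31" is seen as author=1.
    values = parse_qs(query).get("author", [])
    return next((v for v in values if v.isdigit()), None)


def find_probes(log_text):
    """Map client IP -> list of (author_id, status, outcome) in log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        author_id = author_probe(target)
        if author_id is not None:
            hits[ip].append((author_id, status, OUTCOME.get(status, "other")))
    return dict(hits)


if __name__ == "__main__":
    for ip, probes in find_probes(SAMPLE_LOG).items():
        for author_id, status, outcome in probes:
            print(f"{ip} author={author_id} status={status} {outcome}")
```

For any line reported as possible-leak, repeat the request with `curl -I` and look at the `Location` header: a path containing an author slug means the user name was disclosed.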

