I almost always install this as if it were a core WP component, and I love it.
I came here today just to add this: Turn on Wildcards, and add the following redirect:
(do not bother creating any page or folder called no-such user)
Adding /?author=1 or /?author=2 etc. to a WordPress URL will reveal the login name of a user, which bots and hackers will then use in brute-force attacks.
That simple redirect prevents them from being able to extract a username from your site, simply and easily.
If you do it as I present it, it sends them to your 404 page.
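To see whether the `?author=N` probing described above is already hitting a site, the following added example (not part of the original post or of any plugin) scans web server access logs for clients that walk several author IDs. It assumes Combined Log Format and WordPress's default `/author/<slug>/` archive path; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
AUTHOR_PATH_RE = re.compile(r'^/author/([^/]+)/?$')

def find_author_enumeration(lines, min_ids=3):
    """Return {ip: {"ids": [...], "slugs_served": [...]}} for clients that
    requested at least min_ids distinct ?author=N values (hypothetical helper)."""
    ids = defaultdict(set)    # ip -> numeric author IDs probed
    slugs = defaultdict(set)  # ip -> author archive slugs answered with 200
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        for value in parse_qs(parts.query).get("author", []):
            if value.isascii() and value.isdigit():
                ids[ip].add(int(value))
        hit = AUTHOR_PATH_RE.match(parts.path)
        if hit and status == 200:
            # An author archive was served: this login slug was exposed.
            slugs[ip].add(hit.group(1))
    return {ip: {"ids": sorted(found), "slugs_served": sorted(slugs[ip])}
            for ip, found in ids.items() if len(found) >= min_ids}

# Constructed sample log lines (documentation IP ranges, made-up slugs).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /author/admin/ HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /author/editor-jane/ HTTP/1.1" 200 4980 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 1200 "-" "curl/8.0"',
    '198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:05:04 +0000] "GET /blog/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_author_enumeration(SAMPLE_LOG).items():
        print(ip, "probed IDs", info["ids"], "slugs served:", info["slugs_served"])
```

A non-empty `slugs_served` list for a flagged client means author archives were still being served to it, so the redirect is either missing or not matching those requests.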