Hello @mohsinworld
Defender can detect when User Enumeration is accessible, and it provides options to block it.
Go to Defender -> Recommendations, and look for the “Prevent user enumeration” option. Even if you see that option in the “Actioned” section, you can expand it there and find additional options to block even more methods to access it. Please try this and let us know if it works for you.
Kind regards,
Jair.
Thanks for your response. Yes it’s working on test site but the live site didn’t work. Later, I understood it was cached with the Vernish cache. I have added this code to the Vhost, and it worked after clearing the Varnish cache. Thanks
server {
listen 443 ssl;
http2 on;
server_name hmsalim.com;
ssl_certificate /etc/nginx/ssl-certificates/hmsalim.com.crt;
ssl_certificate_key /etc/nginx/ssl-certificates/hmsalim.com.key;
location ^~ /wp-json/wp/v2/users {
return 403;
}
}
