Support » Plugin: Stop User Enumeration » WordPress 5.5 adds user enumeration to wp-sitemap.xml

  • Resolved Paul Ryan

    (@figureone)


    Aloha, we noticed that WordPress 5.5 introduced a new method of user enumeration in the sitemap feature intended to help search engines index site content:

    New XML Sitemaps Functionality in WordPress 5.5

    If you visit /wp-sitemap.xml on any WordPress site, you should see /wp-sitemap-users-1.xml as a link that will list all site users with their /author/username link. These do still appear with this plugin installed and activated.

    Looks like the easiest way to remove that is to hook into wp_sitemaps_add_provider. Would be excellent if you could integrate that into this plugin!

    Example (from the link above):

    add_filter(
        'wp_sitemaps_add_provider',
        function( $provider, $name ) {
            if ( 'users' === $name ) {
                return false;
            }
     
            return $provider;
        },
        10,
        2
    );
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Alan Fuller

    (@alanfuller)

    Many thanks for you very helpful collaboration.

    I will test and add as appropriate.

    Thread Starter Paul Ryan

    (@figureone)

    Awesome, thanks!

    Plugin Author Alan Fuller

    (@alanfuller)

    This has now been incorporated in 1.3.30

    Existing user will need to visit settings to remove the sitemaps. New users will default to remove, but option to enable

    Thread Starter Paul Ryan

    (@figureone)

    Looks great, we confirm that enabling the Disable WP Core Author sitemaps option on version 1.3.30 blocks access to /wp-sitemap-users-1.xml. Cheers!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WordPress 5.5 adds user enumeration to wp-sitemap.xml’ is closed to new replies.