manOmedia

Not many plugins and all are quite mainstream but sadly I think this is the only possibility.

Kind of a pain though… Typically troubleshooting plugins can be quick, disable, test and move on but in this case I need to leave each one disabled long enough (a few hours anyway) to see if a newly created user name is discovered.
That said, I rather suspect Yoast, the seo plugin, which could easily be shut off for some hours. I don’t have access now but it’s the only one I can think of that might be interested in publicizing that sort of metadata. Off the top of my head the others are;
Contact form 7
Redirection
Popup Maker
WP maintenance
BackupBuddy
Comet Cache
WP Maintenance Mode

The only other thing I can think of is Google recaptcha v3.

Got work to do…

Btw, the quick responses are very much appreciated!!!

Hi…
I’ve considered renaming the Login Page but decided to stick with the basics for now. Been using iTheme’s security on other sites but really like some of the features you have – this is my first installation of ‘All In One’.
And I have not even looked at “Cookie Based Brute Force Prevention”.

That said, not sure why you asked as I presume neither of those would be leaking user names.
Obviously moving the login page could help but it doesn’t address the question of how the names are being found.

Thanks

Had an interesting occurrence today. A rather impatient user that wanted to upload several hundred pics, (I think) perhaps dragged the same set of files to the form more than once with two results:
1) I was told the site froze
2) On the backend I found there were multiple duplicates like c44, c44-1, c44-2, c44-3, etc

I looked at the cpanel back end and found the I/O was hitting 100% for a bit.

As a test I went and uploaded (or tried) 310 photos with sizes ranging from aprox .5MB to 2.5MB, total upload 409MB.
1) The form page froze after abut 15 seconds meaning all progress bars stopped running
2) Trying to open the site in a new tab took several minutes, spinning icon.
3) Looking at the upload folder in the backend via FTP showed only 3 files were uploaded after about 10 minutes.

cPanel did not show any I/O issues.

Ohhhh, interesting… After about 15 min about 15 of the progress bars were replaced with:
“The uploaded file exceeds the maximum upload size of your server.”

FYI, the shortcode in the contact form is:
[mfile Upload-Files limit:51048576 max-file:500]

I thought I had set a high enough limit but, guess not so I changed it to:
[mfile Upload-Files limit:1000000000 max-file:500]

I ran the same test with the same batch of photos and had similar results:
1) The form page quickly froze meaning all progress bars stopped running
2) However, opening the site in a new tab was OK.
3) Looking at the upload folder in the backend via FTP showed only 2 files were uploaded after about 5 minutes.

After about 10 min the upload form progress bars for about 22 items were replaced with the same maximum upload size error.
Looking again at the upload folder in the backend showed 18 files were uploaded.

Checking the cpanel again and I/O Usage was at 100%
and physical Memory Usage was at 98.65%.

Some minutes later more of the progress bars had been replaced with the error.
Only two progress bars indicated 100%

As a reference, uploading the same 310 photos via FTP takes about 5 minutes and does not cause any cpanel I/O or memory errors.

Hi Glen,

I changed the access rights for that page. The link is the same but it now requires a user to be logged in.
Info being emailed.

Just for kicks I tried the tests again and have a slightly different result:
I uploaded 5 pics at about 2MB each.
As soon as one of the progress bars started growing, indicating that the upload was underway, I clicked send.
A generic contact form 7 error error was generated; “An error occurred, try again later”.
I waited a few seconds and tried again, same error.
Waited again a few seconds and the mail was sent successfully.
However the mail I received only included data for two of the five uploads.

Still loving this capability though 🙂
Thanks…

Forgot to add… I am also in favor of some way to have files automatically placed in separate folders but instead of time stamp folder names I would suggest folder names based on the senders email address or perhaps better, time stamped and email address like Joe@gmail.com_20190419_1405.

Kind of slow at responding…

While it took some searching, between Inspect Element and Firebug with “.select2-result” as a starting point, I got where I needed to be…
Thanks

Have to say that although I could easily hide it when investigating with the various source inspection tools, I was not knowledgeable enough to hide it using css.
But a colleague assisted and came up with the following which does the trick. It is file specific so a line is needed for each csv source file:

/*----- Hide specific Filewawy generated csv download links -----*/
a[download="csvFileName#1.csv"],
a[download="csvFileName#2.csv"] {
display: none;
}

DP