Title: rtlaird's Replies | WordPress.org --- # rtlaird [ ](https://wordpress.org/support/users/rtlaird/) * [Profile](https://wordpress.org/support/users/rtlaird/) * [Topics Started](https://wordpress.org/support/users/rtlaird/topics/) * [Replies Created](https://wordpress.org/support/users/rtlaird/replies/) * [Reviews Written](https://wordpress.org/support/users/rtlaird/reviews/) * [Topics Replied To](https://wordpress.org/support/users/rtlaird/replied-to/) * [Engagements](https://wordpress.org/support/users/rtlaird/engagements/) * [Favorites](https://wordpress.org/support/users/rtlaird/favorites/) Search replies: ## Forum Replies Created Viewing 4 replies - 1 through 4 (of 4 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[All-In-One Security (AIOS) – Security and Firewall] Leaked user names](https://wordpress.org/support/topic/leaked-user-names/) * [rtlaird](https://wordpress.org/support/users/rtlaird/) * (@rtlaird) * [3 years, 1 month ago](https://wordpress.org/support/topic/leaked-user-names/#post-16586060) * My problem was (as it is/was for many people) that the user names were coming from a known security issue with the REST API endpoints; this one in particular:/ wp-json/wp/v2/users/1 as in [https://wordpresssite.com/wp-json/wp/v2/users/1](https://wordpresssite.com/wp-json/wp/v2/users/1). * This allows either an anonymous user OR a logged-in user to enter that URL and retrieve the names and ids of users, including admin users. All they have to do is cycle through the id number at the end of the query. * Turning off the REST API endpoint through AIOS does not completely solve the problem as that only affects non-logged-in users. If a hacker gets an account on your machine and logs in, then they can just enter the same wp-json endpoint and once again retrieve the user information (I verified the operation). * The way I solved the problem was by doing this (with the disable_rest_endpoints function): * [https://wordpress.org/support/topic/renamed-login-page-and-usernames-detected/](https://wordpress.org/support/topic/renamed-login-page-and-usernames-detected/) * That solved my problem and I apparently am not using any plugin/feature that currently requires the REST API user endpoints. - This reply was modified 3 years, 1 month ago by [rtlaird](https://wordpress.org/support/users/rtlaird/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[All-In-One Security (AIOS) – Security and Firewall] Leaked user names](https://wordpress.org/support/topic/leaked-user-names/) * [rtlaird](https://wordpress.org/support/users/rtlaird/) * (@rtlaird) * [3 years, 1 month ago](https://wordpress.org/support/topic/leaked-user-names/#post-16577106) * I am having the same issue. And, I have made sure that the admin username is not the nickname, the admin has nothing posted anywhere, and that the admin username appears on no other forms, data, postings, comments. Captcha is enabled everywhere. Am hesitant to enable Brute Force -> Rename login and Brute Force -> Cookie based due to potential to lock me out of my site. Any suggestions on how I might scan the database via MySQL Linux I/F to find any other occurrences of the admin username? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Vrm 360 3D Model Viewer] VRML children with inline URL do not display](https://wordpress.org/support/topic/vrml-children-with-inline-url-do-not-display/) * Thread Starter [rtlaird](https://wordpress.org/support/users/rtlaird/) * (@rtlaird) * [3 years, 11 months ago](https://wordpress.org/support/topic/vrml-children-with-inline-url-do-not-display/#post-15746931) * Solved the problem by moving to OBJ files. Now have a process for converting KiCad WRL files (VRML) to OBJ files that display very nicely with the Vrm 360 3D Model Viewer WordPress plugin. See article at: [https://www.linkedin.com/feed/update/urn:li:ugcPost:6942586952793686017?updateEntityUrn=urn%3Ali%3Afs_updateV2%3A%28urn%3Ali%3AugcPost%3A6942586952793686017%2CFEED_DETAIL%2CEMPTY%2CDEFAULT%2Cfalse%29](https://www.linkedin.com/feed/update/urn:li:ugcPost:6942586952793686017?updateEntityUrn=urn%3Ali%3Afs_updateV2%3A%28urn%3Ali%3AugcPost%3A6942586952793686017%2CFEED_DETAIL%2CEMPTY%2CDEFAULT%2Cfalse%29) * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [Featured image size issue.](https://wordpress.org/support/topic/featured-image-size-issue-2/) * [rtlaird](https://wordpress.org/support/users/rtlaird/) * (@rtlaird) * [4 years ago](https://wordpress.org/support/topic/featured-image-size-issue-2/#post-15612859) * How was this resolved? I have the same problem. Viewing 4 replies - 1 through 4 (of 4 total)