WordPress.org

Plugin Reviews

Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

10 reviews
Average Rating
5 out of 5 stars
perfect
By , for WP 4.2.2

Love tools like these. Works fine on our sites.

Excellent!
By , for WP 4.1

This is considered one of my "must have" plugins! Absolutely essential for a safe WordPress site!

[Fixed] It can be bypassed
By , for WP 3.9.2

WPScan contains a script called stop_user_enumeration_bypass.rb which is able to bypass this plugin.

root@nullbyte:~/wpscan# ./stop_user_enumeration_bypass.rb http://www.website.tld
Usernames found:
+----+--------+-------------------------------+
| Id | Login | Name |
+----+--------+-------------------------------+
| 2 | xxxxxx | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+----+--------+-------------------------------+
root@nullbyte:~/wpscan#

Perhaps it's a good idea for the author of this plugin to study the bypass script in order to make this work again. For now, anyone using this plugin, user enumeration is possible.

I suggest to do one of the following:

1. Restrict access to /wp-admin by means of IP restriction.
2. Restrict access to /wp-admin by means of BASIC authentication
3. Implement two factor authentication (Authy, Google)

Cheers,
Jeroen

Works fine
By , for WP 3.9

Light plugin that does the job o/

Excellent!
By , for WP 3.9.1

I like it.

one less worry :)
By , for WP 3.8

A must install and easy to use plugin!

It works, that's enough!
By , for WP 3.7.1

Well done.

simple but works very well
By , for WP 3.7.1

i like simple, no frills but working plugins like this :-)

It just works. Brilliant!
By , for WP 3.7.1

Installed it on my own site. Ran WP-Scan, which came up totally empty.

It works, and it's easy enough to use that it will be recommended to all my clients.

Blocks hackers from username enumeration vulnerability
By , for WP 3.6

Yesterday I discovered the username enumeration vulnerability, and today this plugin stopped it!

http://llocally.com/blog/2013/08/19/what-is-your-login-username-to-your-wordpress-website/

You must log in to submit a review. You can also log in or register using the form near the top of this page.