WordPress.org

Plugin Reviews

Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

12 reviews
Average Rating
5 out of 5 stars
You are currently viewing the reviews that provided a rating of 5 stars. Click here to see all reviews.
Seams to do what it should
By , for WP 4.4.2

Tested with version 4.4.2 and it works

Work great !
By ,

I have installed this plugin and it blocked a lot of hackers

Thanks,

perfect
By , for WP 4.2.2

Love tools like these. Works fine on our sites.

Excellent!
By , for WP 4.1

This is considered one of my "must have" plugins! Absolutely essential for a safe WordPress site!

[Fixed] It can be bypassed
By , for WP 3.9.2

WPScan contains a script called stop_user_enumeration_bypass.rb which is able to bypass this plugin.

root@nullbyte:~/wpscan# ./stop_user_enumeration_bypass.rb http://www.website.tld
Usernames found:
+----+--------+-------------------------------+
| Id | Login | Name |
+----+--------+-------------------------------+
| 2 | xxxxxx | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
+----+--------+-------------------------------+
root@nullbyte:~/wpscan#

Perhaps it's a good idea for the author of this plugin to study the bypass script in order to make this work again. For now, anyone using this plugin, user enumeration is possible.

I suggest to do one of the following:

1. Restrict access to /wp-admin by means of IP restriction.
2. Restrict access to /wp-admin by means of BASIC authentication
3. Implement two factor authentication (Authy, Google)

Cheers,
Jeroen

Works fine
By , for WP 3.9

Light plugin that does the job o/

Excellent!
By , for WP 3.9.1

I like it.

one less worry :)
By , for WP 3.8

A must install and easy to use plugin!

It works, that's enough!
By , for WP 3.7.1

Well done.

simple but works very well
By , for WP 3.7.1

i like simple, no frills but working plugins like this :-)

You must log in to submit a review. You can also log in or register using the form near the top of this page.