plugin-icon

Super Simple Account Enumeration Blocker

Door Paul Gilzow·
Blocks account enumeration attempts
security
user enumeration
wpscan
Waardering
Een beoordeling toevoegen
Versie
1.0.0
Laatst bijgewerkt
Apr 17, 2017

After speaking at WordCamp St. Louis 2017 http://wordpress.tv/2017/03/29/paul-gilzow-access-denied-keeping-yourself-off-an-attackers-radar/, I was asked if I could bundle the code I demo’ed in the talk into a plugin for people who aren’t as comfortable writing their own code. As its name implies, it is super simple. There are no settings. The entire codebase is contained in one file, and for the most part is about 20 lines of code in length. It is fully commented and I encourage you to look at the code to see what it does instead of blindly trusting it.

Specifically, this plugin: * removes the redirection of a request from /?author=# to an author’s pretty permalink * changes author pretty permalinks to /?author=# * changes author feed pretty permalinks to /?author=#&feed= * removes author slug property from user response object for user endpoint in the REST API * removes overly informative error message when login attempt fails

Rememer: this plugin, by itself, will not protect your site from being compromised. However, it can be an important layer of defense when used in a multilayer, defense-in-depth security strategy.

Help and Support

Please post questions, request for help to the WordPress plugins forum or email ssaeb@gilzow.com. Please be sure to include ‘ssaeb’ in the subject line.

TO-DO’s

Keep adding ways to block enumerations.

Gratisop Business abonnement
Aan de slag
Door te installeren, ga je akkoord met de Servicevoorwaarden van WordPress.com en de voorwaarden voor plugins van derden.
Getest tot
WordPress 4.7.31
Deze plugin kan worden gedownload, zodat je hem op je kan gebruiken.
Downloaden