plugin-icon

No User Enumeration

作者:Carlos·
Stop user enumeration for security.
security
user enumeration
wpscan
评级
添加评价
版本
1.3.2
活跃安装
200
最后更新
Oct 23, 2019

In many WordPress installations is possible enumerate usernames through the author archives, using urls like this:

http://wpsite/?author=1

http://wpsite/?author=1/

http://wpsite/?bypass=1&author%00=1

http://wpsite/?author%00=%001

http://wpsite/?%61uthor=1

And recently wordpress since 4.7 comes with a rest api integrated that allow list users:

curl -s http://wpsite/wp-json/wp/v2/users/ curl -s http://wpsite/?rest_route=/wp/v2/users curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users

Know the username of a administrator is the half battle, now an attacker only need guest the password. This plugin stop it.

Also, is possible get usernames from the post entries. This plugin, hide the name of the author in a post entry if he is not using a nickname. Also, hide the url page link of an administrator author.

The main goal is hide the administrators usernames. Obviously, is better not choose “admin” as the username because is easiliy guessable.

免费使用Business套餐
从这里开始
通过安装,您同意 WordPress.com 服务条款第三方插件条款
目前已测试版本
WordPress 5.2.23
这个插件是可用的下载,适用于您的站点。
下载