No User Enumeration Reviews, Downloads & Maintenance - Plugins Database

All plugins Tags Languages Authors About us

Back to plugins

Actions

Download Author page See on WordPress

Plugin info

Total downloads: 4,563

Active installs: 200

Total reviews: 0

Average rating: 0

Support threads opened: 0

Support threads resolved: 0 (0%)

Available in: 1 language(s)

Contributors: 1

Last updated: 10/23/2019 (2262 days ago)

Added to WordPress: 4/4/2016 (9 years old)

Minimum WordPress version: 2.9

Tested up to WordPress version: 5.2.23

Minimum PHP version: f

Maintenance & Compatibility

Maintenance score

Possibly abandoned • Last updated 2262 days ago

20/100

Is No User Enumeration abandoned?

Possibly abandoned (last update 2262 days ago).

Compatibility

Requires WordPress: 2.9

Tested up to: 5.2.23

Requires PHP: f

Ratings

0

0

0

0

0 See all reviews

Developers

Carlos (Owner)1

Languages

Similar & Alternatives

Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.

Stop User Enumeration

Rating 4.9/5 (126 reviews) • Active installs 50,000

WP Author Security

Rating 5.0/5 (2 reviews) • Active installs 500

Super Simple Account Enumeration Blocker

Rating 0.0/5 (0 reviews) • Active installs 0

WP Hardening (discontinued)

Rating 4.1/5 (19 reviews) • Active installs 10,000

Disable User Enumeration

Rating 0.0/5 (0 reviews) • Active installs 40

No Login User Enumeration

Rating 0.0/5 (0 reviews) • Active installs 10

See more alternatives to No User Enumeration

Description

In many WordPress installations is possible enumerate usernames through the author archives, using urls like this:

http://wpsite/?author=1

http://wpsite/?author=1/

http://wpsite/?bypass=1&author%00=1

http://wpsite/?author%00=%001

http://wpsite/?%61uthor=1

And recently wordpress since 4.7 comes with a rest api integrated that allow list users:

curl -s http://wpsite/wp-json/wp/v2/users/
curl -s http://wpsite/?rest_route=/wp/v2/users
curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users

Know the username of a administrator is the half battle, now an attacker only need guest the password.
This plugin stop it.

Also, is possible get usernames from the post entries.
This plugin, hide the name of the author in a post entry if he is not using a nickname.
Also, hide the url page link of an administrator author.

The main goal is hide the administrators usernames.
Obviously, is better not choose “admin” as the username because is easiliy guessable.

Installation

Upload no-user-enumeration to the /wp-content/plugins/ directory
Activate the plugin through the ‘Plugins’ menu in WordPress

Frequently Asked Questions

.

Review feed

No reviews available

Screenshots

No screenshots available

Changelog

1.3.2

Using WP_DEBUG not emit undefined index notice.

1.3.1

Minor changes.

1.3

Fix bypass protection using this: curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users

1.2

Disallow list users using the rest api.
Compatibility with plugin WP All Import.

1.1

Hide admin usernames in post replies. Improved security.

1.0

First version.

Back to plugins