
WordPress: stop user enumeration

Discussion in 'Blogs & CMS usage' started by hitman, Jun 28, 2016.

  1. hitman

    Hello,
    I would like to know if there is a way to stop user enumeration without using a plugin,
    or which is the best way to do it.

    Thank you
     
  2. eva2000

    Not entirely sure what you mean by user enumeration?
     
  3. hitman

  4. eva2000

    I think that answers your question: security - Can I Prevent Enumeration of Usernames? - WordPress Development Stack Exchange

    So you can't if you want WordPress friendly URLs.

    If you use centminmod 123.09beta01 WordPress install via centmin.sh menu option 22, you can sort of work around it for the admin user, as the installer gives you an option to set the admin displayed username, which will be different from the WP login username: Wordpress Nginx Auto Installer (WP Super Cache). You can also change the display names manually via profile edits in WordPress.

    Edit: also try adding this in the main root location / context of the WordPress vhost:

    Code (Text):
    if ($args ~ "^author=\d") { return 403; }

    Or use the 444 return error code, as wpscan deems 403 as a valid code:
    Code (Text):
    if ($args ~ "^author=\d") { return 444; }
     
    Last edited: Jun 29, 2016
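A regression check for the vhost rule posted above, added here as an example (it is not code from the thread or from Centmin Mod). It compares the posted `$args` pattern with an assumed variant that tests `$arg_author`; the helper names and sample URIs are constructed, and Python's `re` stands in for nginx's regex matching.

```python
import re
from urllib.parse import urlsplit

# Pattern from the post above; nginx applies it to $args (the raw query string).
PAGE_RULE = re.compile(r"^author=\d", re.ASCII)
# Assumed alternative, not from the thread: match the author argument itself,
# which nginx exposes as $arg_author, e.g.
#   if ($arg_author ~ "^\d") { return 444; }
ARG_RULE = re.compile(r"^\d", re.ASCII)


def raw_args(url):
    """Raw query string of a request URI, as nginx stores it in $args."""
    return urlsplit(url).query


def arg_author(args):
    """Simplified model of $arg_author: raw value of the first author argument."""
    for pair in args.split("&"):
        name, _, value = pair.partition("=")
        if name == "author":
            return value
    return ""


def page_rule_blocks(url):
    return PAGE_RULE.search(raw_args(url)) is not None


def arg_rule_blocks(url):
    return ARG_RULE.search(arg_author(raw_args(url))) is not None


# Constructed request URIs for a regression check of the vhost rule.
SAMPLES = [
    "/?author=1",            # numeric author archive lookup
    "/?author=12",
    "/?s=nginx&author=1",    # author is not the first argument
    "/?paged=2",             # ordinary pagination, must pass
    "/author/alice/",        # pretty permalink, no query string
]


def coverage():
    """Map each sample URI to (blocked by page rule, blocked by argument rule)."""
    return {u: (page_rule_blocks(u), arg_rule_blocks(u)) for u in SAMPLES}


if __name__ == "__main__":
    for uri, (page, arg) in coverage().items():
        print(f"{uri:22} page_rule={page!s:5} arg_rule={arg}")
```

Neither rule touches `/author/<name>/` permalinks, which is consistent with the point in the thread about friendly URLs.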