Stop User Enumeration Stopped Working

  • Resolved q120000

    (@q120000)


    1 month, 3 weeks ago

    I have used this plugin on more than one site and it has worked pretty good. However, a few days ago I have noticed my sites are being pounded with login attempts using my user name. Then I noticed in the sites’ Page Source my username is being exposed.

    In the settings “Options” all boxes are checked except “log attempts to AUTH LOG” because I do not use Fail2Ban.

    Any help will be appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Alan Fuller

    (@alanfuller)

    1 month, 3 weeks ago

    The plugin stops ‘leaks’of user names from the core WordPress, but is can’t stop leaks from badly coded themes ( or plugins ).
    In the first instance I would check your user account and check that your user ‘nice name’ does not match your user names as most good themes use the display name not the user name.

    If that does not help then sharing a link and your theme name may help me identify possible soutions.

    Thread Starter q120000

    (@q120000)

    1 month, 3 weeks ago

    Thank you for the quick reply.

    Well, you’re 100% right. I changed “Nickname” and “Display name publicly as” to not use the “Username”. Now the bots are no longer grabbing the username.

    Thank you again.

    Plugin Author Alan Fuller

    (@alanfuller)

    1 month, 3 weeks ago

    Yes I have thought about adding an ‘audit’ feature to cover this with warnings etc. as it is often missed.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.