
Protection against WordPress username enumeration

After my last post on exploiting username enumeration, I looked deeper and found a simple workaround to patch your blog against this vulnerability until WordPress adds a fix itself.

I am currently using the WordPress plugin Redirection:
https://wordpress.org/extend/plugins/redirection/

In the plugin's settings page, found under Tools -> Redirection, add a new rule with the following settings.

Source URL: ^(.*)/?author=(.*)
Target URL: /
Reg Exp: Yes
Match: URL only
Action: Redirect to URL

Then click Add Redirection.

All done. To verify, just try any URL on your site with ?author=no appended.

The request will now be redirected back to your main page, effectively nullifying username enumeration through the author query parameter.
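As an added check that is not part of the original post or the Redirection plugin, the following Python script runs the rule's regex exactly as entered above against a few constructed request URIs and reports which ones the rule would redirect. It assumes, as the plugin does, that the pattern is matched against the request URI including its query string; the sample paths show that the pattern also fires on any path containing author= and does not match /author/name/ style permalinks.

```python
"""Evaluate the Redirection rule from the post against sample request URIs.

Added example, not from the post or the Redirection plugin. The regex is
the one given in the post; the sample request URIs are constructed here.
"""
import re
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

# Source URL of the rule, exactly as entered in the post (Reg Exp: Yes).
RULE_PATTERN = re.compile(r"^(.*)/?author=(.*)")
TARGET_URL = "/"  # Target URL of the rule


def redirection_target(request_uri: str) -> Optional[str]:
    """Return the URL the rule redirects to, or None if the rule does not fire.

    Assumption: the plugin applies the pattern to the request URI including
    the query string, so '?author=1' is visible to the regex.
    """
    if RULE_PATTERN.search(request_uri):
        return TARGET_URL
    return None


def exposes_author_query(request_uri: str) -> bool:
    """True when the request carries an ?author= parameter, the form of
    enumeration the post is about."""
    qs = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    return "author" in qs


# Constructed sample requests; not taken from the post.
SAMPLE_PATHS = [
    "/?author=1",
    "/?author=no",
    "/blog/?author=2&foo=bar",
    "/?p=12",
    "/author/admin/",      # pretty-permalink author archive, no query string
    "/tag/author=book/",   # contains 'author=' but is not an author query
]


def evaluate(paths=SAMPLE_PATHS) -> Dict[str, Dict[str, bool]]:
    """Map each request URI to whether the rule fires and whether it really
    carried an author query parameter."""
    return {p: {"redirected": redirection_target(p) is not None,
                "has_author_query": exposes_author_query(p)} for p in paths}


if __name__ == "__main__":
    for path, r in evaluate().items():
        print(f"{path:26} redirected={r['redirected']!s:5} author_query={r['has_author_query']}")
```

A mismatch between the two columns in the output marks a request the rule handles differently from what the ?author= form alone would suggest.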