After my last post exploiting username enumeration i have looked deep and found a simple workaround to patch your blog for this vulnerability till wordpress has something to add to it.
I am right now using a wordpress plugin : Redirections
https://wordpress.org/extend/plugins/redirection/
Inside the plugin page which comes under : tools -> redirections
Add a new rule with following settings.
Source url : ^(.*)/?author=(.*)
target url : /
Reg Exp : Yes
Match : url only
Action : Redirect to url
and Add Redirection
all done… just try any url with ?author=no
now this url will be redirected back to your main page effectively nullifying the effect of user name enumeration.