Stop User Enumeration

User Enumeration is a method hackers and scanners use to get your username. This plugin stops it.

Potentially unsafe

Confidence: Medium

This plugin has been given a short, targeted code review.

Before using this plugin, you should very carefully consider its potential problems and should conduct a thorough assessment.

Warning: Version 1.3.4 of this plugin has known vulnerabilities

The version of this plugin that this recommendation was based on is known to be vulnerable to attack:

Warning: old version

This recommendation applies to version 1.3.4 of this plugin, but the most recent version is 1.3.9. These findings may no longer be correct.

Findings

  • WordPress 4.7 includes an API for getting all users – this plugin does not block that
  • Attempts to block traditional user enumeration via /?author=1 (and similar POST requests) but fails

Reason for the 'Potentially unsafe' result

The plugin has been given this recommendation at the tester's discretion:

We conduct these inspections for our own use, and publish them in the hope that they may be useful to others. We don't guarantee that these findings are correct.

Please read this site's terms of service before taking any action based on information published here.

Testers: Tom Adams
Last revised: January 4, 2017
Versions tested: 1.3.4
Plugin homepage: Stop User Enumeration
Other versions: None listed