Stop WordPress Username Enumeration Vulnerability

You can patch the WordPress username enumeration vulnerability by adding the following lines of code to your site's .htaccess.

# Stop WordPress username enumeration vulnerability
RewriteCond %{REQUEST_URI}  ^/$
RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
RewriteRule ^(.*)$ http://yoursite.com/somepage/? [L,R=301]
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

utf8mb4 requires a newer client library error

While checking the WordPress ‘Site Health’ status page, you may see ‘utf8mb4 requires a newer...

WordPress Resources

Getting StartedWordPress Codex - New To WordPress - Where to StartWordPress Codex - First Steps...

Optimizing WordPress Sites

For a more general information on shared hosting resource limits, please refer to the following...

What Should I Do If I Receive a ‘Resource Limits Reached’ Error?

Why are there limits in place?Resource limits on shared servers are set and enforced with...

Wordpress Brute Force Attempts / Restrict wp-admin by IP Address

Default installations of wordpress do not include any brute force protection so it is strongly...