{"id":133546,"date":"2020-12-16T07:50:04","date_gmt":"2020-12-16T07:50:04","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/disabling-user-enumeration\/"},"modified":"2020-12-16T07:49:37","modified_gmt":"2020-12-16T07:49:37","slug":"disabling-user-enumeration","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/disabling-user-enumeration\/","author":17533413,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"trunk","tested":"5.5.18","requires":"4.7","requires_php":"7.2","requires_plugins":"","header_name":"Disabling User Enumeration","header_author":"Vasim Shaikh","header_description":"Disable User Enumeration is a plugin designed to prevent hackers scanning your site for user names using REST API call.","assets_banners_color":"8d576c","last_updated":"2020-12-16 07:49:37","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/developeratfiverr.in\/","rating":0,"author_block_rating":0,"active_installs":30,"downloads":1203,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2440405,"resolution":"128x128","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":2440405,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":2440405,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":2440405,"resolution":"2","location":"assets","locale":""}},"screenshots":{"1":"Activate plugin.","2":"Restriction applied on username."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[194117,194118,46130],"plugin_category":[],"plugin_contributors":[176319],"plugin_business_model":[],"class_list":["post-133546","plugin","type-plugin","status-publish","hentry","plugin_tags-disable-user-enumeration","plugin_tags-rest-api-user-enumeration","plugin_tags-user-enumeration","plugin_contributors-incredibledeveloperr","plugin_committers-incredibledeveloperr"],"banners":{"banner":"https:\/\/ps.w.org\/disabling-user-enumeration\/assets\/banner-772x250.png?rev=2440405","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/disabling-user-enumeration\/assets\/icon-128x128.png?rev=2440405","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/disabling-user-enumeration\/assets\/screenshot-1.png?rev=2440405","caption":"Activate plugin."},{"src":"https:\/\/ps.w.org\/disabling-user-enumeration\/assets\/screenshot-2.png?rev=2440405","caption":"Restriction applied on username."}],"raw_content":"\n

User enumeration can be use for brute-force techniques to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication.<\/p>\n\n

An enumeration attack allows a hacker to check whether a name exists in the database. For example, to set up a brute-force attack, rather than searching through login and password pairs, all they need is a matching password for a verified user name, saving time and effort.<\/p>\n\n

The phrase \u201cusername harvesting\u201d refers to a vulnerability that when exploited allows people or programs interacting with an application to determine what a valid username is vs an invalid username.<\/p>\n\n

**You can check your site have user enumeration by simply type https:\/\/selectedfirms.co\/wp-json\/wp\/v2\/users that's it. **<\/p>\n\n

Features:<\/p>\n\n

    \n
  1. We only disable for non logged in users.<\/li>\n
  2. You can deactivate with single click. No extra configuration required.<\/li>\n
  3. Something else about the plugin<\/li>\n<\/ol>\n\n\n

    Either using the dashboard \u2018Add Plugin\u2019 feature to find, install and activate the plugin<\/p>\n\n

      \n
    1. Download and the plugin from the download link<\/li>\n
    2. Upload the entire plugin directory to your website\u2019s \/wp-contents\/plugins\/ using a file manager or FTP<\/li>\n
    3. Activate the plugin through the Plugins menu<\/li>\n<\/ol>\n\n\n
      \n

      How to check plugin works?<\/h3><\/dt>\n

      You just need to run in browser to verify <youdomin.com>\/wp-json\/wp\/v2\/users.<\/p><\/dd>\n

      I have active plugin, why its still display user data in response.<\/h3><\/dt>\n

      Just double check to make sure, you are not logged in. This plugin won\u2019t do anything for logged in users, it only works when you are logged out.<\/p><\/dd>\n

      What about settings?<\/h3><\/dt>\n

      There are no settings required. We are focus on only user enumerations. Only activation is enough.<\/p><\/dd>\n

      Is it change anything in database?<\/h3><\/dt>\n

      Plugin is work standalone. Its not required any database operations.<\/p><\/dd>\n\n<\/dl>\n\n\n

      0.1<\/h4>\n\n
        \n
      • Initial release.<\/li>\n<\/ul>","raw_excerpt":"Disable User Enumeration is a plugin designed to prevent hackers scanning your site for user names using REST API call.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/133546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=133546"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/incredibledeveloperr"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=133546"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=133546"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=133546"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=133546"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=133546"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=133546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}