Can see username by hovering over "Posted by" link

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi,

    This plugin justs tries to stop a specific technique of user enumeration, i.e. adding to the url ?author=<n> where n is a number to return the user name. this techniques is used by several automated hacking tools.

    Unfortunately it doesn’t attempt to stop all displays of user ids revealed by themes, I’m not even sure if there is a way of achieving this without changing wordpress core.

    Thread Starter Teresa Lo

    (@teresa_lo)

    Many thanks for the information.

    For additional security, I guess best practice is to

    1. Create editor level user for posting articles, and not use admin level user to do that.

    2. Use 2-factor authentication such as the Wordfence plugin.

    T.

    Hi 100% correct there.

    This is just one part of many things to in ‘hardening’ a WordPress websites, and there are several top notch security plugins out there that help (my favorite is WordFence)

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can see username by hovering over "Posted by" link’ is closed to new replies.