• Hi,

    I would like to stop people from looking up my username by typing
    https://www.example.com/?author=1 (or 2, 3, 4, 5… until they get my user id)

    How can I block it?

    Thanks!

    P.S.
    In Hardening WordPress they say to change your admin user by creating a new one… but afterwards it is so easy for a “hacker” to find it by using ?author= ….

    Any help? I tried to put in a redirect function (if ( is_author() ) { etc…) but this doesn’t hide my user id in the address bar of the browser…

Viewing 3 replies - 1 through 3 (of 3 total)
  • I don’t think it’s possible. Lots of discussions about it though. Here’s a quick one I picked off of Google.

    wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames

    Thread Starter gabrielcik

    (@gabrielcik)

    Hi,

    I found these solutions:

    First solution:

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ https://www.wordpressexample.com/some-real-dir/ [L,R=301]

    source: https://www.question-defense.com/2012/03/20/block-wordpress-user-enumeration-secure-wordpress-against-hacking

    But I have trouble with the redirect… it always includes the /?author=1 string… so if I specify my home page it generates an infinite redirect!

    Second solution:
    Specify a 301 redirect in the .htaccess, e.g.: /author/name /
    It works, but the redirect is not instantaneous and it shows the URL before redirecting…

    Third solution:
    Use RewriteRule to make a redirect,
    but I’m not sure how to write it… I tried something like:
    RewriteRule /author/name /

    joe.toomey

    (@joetoomey)

    The solution you found on question-defense should work, but the RewriteRule is missing a character to remove the query string from the rewritten URL. This should work (note the additional ‘?’ at the end of the rewritten URL):

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ https://www.wordpressexample.com/some-real-dir/? [L,R=301]
  • The topic ‘?author=1… 2… 3… how to stop it?’ is closed to new replies.
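
The redirect loop and the trailing `?` fix discussed in the replies can be reproduced with a small model. This is an added example, not part of the thread and not Apache code: it is a simplified Python simulation of how the three-line rule set treats the query string, and the names `apply_rule`, `follow`, `HOME` and `START` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Simplified model of the thread's rule set (assumption: only these rules apply).
COND_URI = re.compile(r"^/$")                 # RewriteCond %{REQUEST_URI}  ^/$
COND_QS = re.compile(r"^/?author=([0-9]*)")   # RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)

HOME = "https://www.example.com/"             # constructed sample values
START = "https://www.example.com/?author=1"

def apply_rule(path, query, substitution):
    """Return the Location the rule would send, or None if the rule does not fire."""
    if not (COND_URI.search(path) and COND_QS.search(query)):
        return None
    if "?" in substitution:
        # The substitution supplies its own query string; a bare trailing '?'
        # means "empty query string", which drops ?author=N from the redirect.
        target, new_query = substitution.split("?", 1)
    else:
        # mod_rewrite default: the original query string is carried over.
        target, new_query = substitution, query
    return target + ("?" + new_query if new_query else "")

def follow(url, substitution, max_hops=5):
    """Follow redirects as a browser would; return (final_url, hops, looped)."""
    hops = 0
    while hops < max_hops:
        parts = urlsplit(url)
        location = apply_rule(parts.path or "/", parts.query, substitution)
        if location is None:
            return url, hops, False
        url, hops = location, hops + 1
    return url, hops, True

if __name__ == "__main__":
    for sub in (HOME, HOME + "?"):
        print(repr(sub), "->", follow(START, sub))
```

Without the trailing `?` the home-page target keeps `?author=1`, so the redirected request matches the same conditions again; with it, the second request has an empty query string and the rule no longer fires.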