• Resolved manOmedia

    (@manomedia)


    Set up All In One WP Security on a new site.
    Activated the basics including ‘Login Lockdown’, ‘instantly lockout non existing user names’ and ‘Disable Users Enumeration’.
    Did a simple author URL check and got the response “Accessing author info via link is forbidden” so enumeration seems to be blocked.
    Created a new admin user with non-standard name, switched to that user and deleted the old admin user account (also a non-standard name).

    Looking at “Failed Login Records”, attempts on the old admin username stopped within a few hours and within about 12 hours of creating the new user, that name shows in the Failed Login Records list 459 times!

    Obviously there is another external way to discover user names.

    As a side note I have:
    ‘Time Length of Lockout’ set to 44000 which is roughly a month.
    ‘Completely Block Access To XMLRPC’ is checked:

    Thoughts?

    • This topic was modified 5 years, 5 months ago by manOmedia. Reason: added comment
Viewing 9 replies - 16 through 24 (of 24 total)
  • Thread Starter manOmedia

    (@manomedia)

    Already have a discussion underway at the Yoast support forum.

    I’ve been using Yoast for years. It’s been useful so I have not looked at others. Did a bit of reading about The SEO Framework and like what I see. Sounds like it might actually fit my needs as well or better, especially for this particular site.
    Thanks…

    Thread Starter manOmedia

    (@manomedia)

    The Yoast person has relayed that in a randomly checked handful of pages on a local test environment they are:

    not able to find anywhere that Yoast SEO outputs the username in the source code with the exception of author archive URLs and when the display name and username are identical.

    So if indeed it is a Yoast exposure, it would seem to be inadvertent, either a call that can be made to Yoast or some other unintentional metadata output.
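
Added example, not part of the thread and not code from Yoast or All In One WP Security: one way to repeat the page-source check described in the post above on a saved copy of your own rendered page, separating the two expected cases (author archive URLs, display name identical to username) from anything else. The login `site-op_7k`, the `example.test` URLs and the sample HTML are constructed, and the sketch assumes the author archive slug equals the login name.

```python
import re
from html.parser import HTMLParser

class LoginExposureFinder(HTMLParser):
    """Collect every place a login name shows up in one rendered page."""
    def __init__(self, login):
        super().__init__(convert_charrefs=True)
        name = re.escape(login)
        # Whole-token match, so a longer word containing the login is ignored.
        self.token = re.compile(rf"(?<![A-Za-z0-9]){name}(?![A-Za-z0-9])", re.I)
        # Assumption: the author archive slug equals the login name.
        self.author_url = re.compile(rf"/author/{name}(?![A-Za-z0-9_-])", re.I)
        self.in_script, self.hits = False, []  # hits: (kind, where) tuples

    def _record(self, value, kind, where):
        if self.author_url.search(value):
            self.hits.append(("author-url", where))
        elif self.token.search(value):
            self.hits.append((kind, where))

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for attr, value in attrs:
            if value:
                self._record(value, "attribute", f"<{tag} {attr}>")

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        kind = "script-data" if self.in_script else "visible-text"
        self._record(data, kind, data.strip()[:50])

def find_login_exposures(html, login):
    finder = LoginExposureFinder(login)
    finder.feed(html)
    finder.close()
    return finder.hits

def unexplained(hits, login, display_name):
    """Drop the two cases the thread already accounts for."""
    same = login.lower() == display_name.lower()
    return [h for h in hits
            if h[0] != "author-url" and not (same and h[0] == "visible-text")]

# Constructed sample page and login; not real output of any plugin or theme.
SAMPLE_PAGE = """<head><script type="application/ld+json">{"url":"https://example.test/author/site-op_7k/"}</script></head>
<body><p>By <a href="https://example.test/author/site-op_7k/">Site Editor</a></p>
<p>Updated by site-op_7k; the longer token website-op_7k2 is not a match.</p></body>"""
print(unexplained(find_login_exposures(SAMPLE_PAGE, "site-op_7k"), "site-op_7k", "Site Editor"))
```

Anything left in the `unexplained` list is a place where the login is rendered outside the two known cases and is worth tracing back to the theme or plugin that produced it.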

    Thread Starter manOmedia

    (@manomedia)

    I have started another test like the previous but I will let things run longer (+/- 48 hours) without Yoast activated and see what happens.

    Not the right place for this but to confirm, if I put my ip in Enter Whitelisted IP Addresses: on the first tab of your ‘User Login’ settings page, no matter what I do I should not be locked out? Is that not correct?

    With all this messing around I accidentally locked myself out by using a wrong/old login but my ip is in that whitelist.
    No big deal, I logged in via another ip with a good username and deleted that lockout from Dashboard > Locked ip addresses but I was momentarily quite surprised…

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    if I put my ip in Enter Whitelisted IP Addresses: on the first tab of your ‘User Login’ settings page, no matter what I do I should not be locked out? Is that not correct?

    Yes that is correct as long as the IP address is a static IP address.

    Kind regards

    Thread Starter manOmedia

    (@manomedia)

    One never knows how long static is but very interesting… I definitely got the “your ip has been locked out” message and the ip in the whitelist was correct. The login screen did not seem to be available – Perhaps I should have tried another browser…

    Anyway, that is one of the reasons I always have more than one admin login and access to more than one ip address…

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    One never knows how long static is but very interesting

    If at home you have a static IP address then that will never change. However, if your IP address is dynamic then of course that will always change every time you start up your computer/laptop.

    Kind regards

    Thread Starter manOmedia

    (@manomedia)

    Actually, I have had my Xfinity IP change but indeed, it was like once in several years.

    Anyway, the saga continues – Presuming it’s not reasonably possible to make a call to a disabled plugin vs totally deleted, it is evidently not Yoast. It took longer but the new username started getting hits and Yoast is still disabled ??

    We are experiencing the same problem with the usernames. We use AIO and Yoast on all our sites. Did you figure out a solution?
    Thank you.

    • This reply was modified 5 years, 3 months ago by airdrieweb.

    Looking at your list of plugins, we also use Comet Cache.

  • The topic ‘Disable Users Enumeration checked, new user name discovered’ is closed to new replies.