• Resolved digitalant

    (@digitalant)


    I had disabled unauthorized access to the users API endpoint using Wordfence and it worked quite well for me. After I installed and enabled this plugin, on a WooCommerce website I manage, it exposed the users endpoint and allowed attackers to harvest usernames. I noticed a large number of requests to the users endpoint requesting 100 usernames in each go. The endpoint was disabled when I disabled this plugin. Is there a way I can disable caching for certain endpoints? It’s a great plugin and significantly improved the API fetches from my website but I can’t use it if it allows usernames to be harvested.

Viewing 1 replies (of 1 total)
  • Plugin Author Richard Korthuis

    (@rockfire)

    Hi @digitalant

    Thank you for using our plugin! And sorry for responding this late, we have been quite busy lately.

    To answer your question: Yes, you can disable caching for certain endpoints; see our FAQ for instructions on how to do so.

  • The topic ‘Exposed users endpoint’ is closed to new replies.
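
To check whether the users endpoint is being read in bulk as the original post describes, the web server access log can be scanned for successful requests to it. The following is an added example, not part of the thread or of the plugin's code; it assumes the combined log format, the default WordPress `/wp-json/` prefix and `rest_route` query fallback, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /wp-json/wp/v2/users?per_page=100&page=1 HTTP/1.1" 200 18234 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /wp-json/wp/v2/users?per_page=100&page=2 HTTP/1.1" 200 18110 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?rest_route=/wp/v2/users&per_page=100&page=3 HTTP/1.1" 200 17990 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:01:00 +0000] "GET /wp-json/wp/v2/users/1 HTTP/1.1" 401 120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-json/wp/v2/posts?per_page=100 HTTP/1.1" 200 50211 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
USERS_RE = re.compile(r'^/wp/v2/users(?:/|$)')


def rest_route(target):
    """Return the REST route of a request target, or None if it is not a REST call."""
    parts = urlsplit(target)
    if parts.path.startswith("/wp-json/"):
        return parts.path[len("/wp-json"):]
    # Sites without pretty permalinks pass the route as a query parameter.
    return parse_qs(parts.query).get("rest_route", [None])[0]


def find_user_enumeration(log_text, min_hits=3):
    """Map client IP -> number of successful (2xx) users-endpoint reads.

    Only IPs with at least min_hits such reads are returned. A 2xx answer
    means the endpoint actually served data; 401/403 means it was blocked.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        route = rest_route(target)
        if route and USERS_RE.match(route) and status.startswith("2"):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for ip, n in find_user_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {n} successful reads of the users endpoint")
```

Running the same check before and after a caching exclusion is applied shows whether the endpoint still answers anonymous requests with a 2xx status.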