User enumeration can be use for brute-force techniques to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication.
An enumeration attack allows a hacker to check whether a name exists in the database. For example, to set up a brute-force attack, rather than searching through login and password pairs, all they need is a matching password for a verified user name, saving time and effort.
The phrase “username harvesting” refers to a vulnerability that when exploited allows people or programs interacting with an application to determine what a valid username is vs an invalid username.
**You can check your site have user enumeration by simply type https://selectedfirms.co/wp-json/wp/v2/users that’s it. **
- We only disable for non logged in users.
- You can deactivate with single click. No extra configuration required.
- Something else about the plugin
Either using the dashboard ‘Add Plugin’ feature to find, install and activate the plugin
- Download and the plugin from the download link
- Upload the entire plugin directory to your website’s /wp-contents/plugins/ using a file manager or FTP
- Activate the plugin through the Plugins menu
How to check plugin works?
You just need to run in browser to verify <youdomin.com>/wp-json/wp/v2/users.
I have active plugin, why its still display user data in response.
Just double check to make sure, you are not logged in. This plugin won’t do anything for logged in users, it only works when you are logged out.
What about settings?
There are no settings required. We are focus on only user enumerations. Only activation is enough.
Is it change anything in database?
Plugin is work standalone. Its not required any database operations.
There are no reviews for this plugin.
Contributors & Developers
“Disable User Enumeration” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
- Initial release.