login attemts with existing user names

  • Resolved Qtwix

    (@albiurs)


    5 years, 10 months ago

    Hello,

    In recent years, I registered only login attempts using nicknames (and other rubbish) logged on my websites. But for a couple of days I get tons of login attempts with correct _REAL_USER_NAMES_ logged by Wordfence! I now figured out that the real username of the user who uploaded a media item is shown in the page source of the media permalink page (not only the nickname), which is a big disaster… E.g. https://domain.com/author/username/

    Is there a way to globally prevent real usernames to be displayed in the page source?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @albiurs,

    Author names showing up in media posts are handled by your theme. There are plugins that are designed to remove author names, but they do not work for all custom themes.

    Unfortunately, Wordfence does not provide this functionality.

    Dave

    Thread Starter Qtwix

    (@albiurs)

    @wfdave Thanks, for your reply! So, could you please add the option to remove author names to the list of feature requests? I think this would definitively be one to further increase the security of a site.

    Thanks!

    Hi again!

    I just had a chat with the Wordfence team and this is our stance:

    We believe that a strong password (along with 2FA) is the best way to keep an account secure.

    Some users on a site however, may opt to use a weak password, and that is why we prevent the discovery of usernames via the WordPress API (/?author=ID).

    Someone brought up an example regarding social media accounts. If someone knows your email, they know your username, if someone knows your twitter handle, same thing.

    Dave

    Hey @albiurs

    Check this out:

    Change Author/Username in WordPress

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘login attemts with existing user names’ is closed to new replies.