• I almost always install this as if it were a core WP component, and I love it.

    I came here today just to add this: Turn on Wildcards, and add the following redirect:

    /?author=*
    redirect to
    /no-such-user/

    (do not bother creating any page or folder called no-such-user)

    Adding /?author=1 or /?author=2 etc. to a WordPress URL will reveal the login name of a user, which bots and hackers will then use in brute-force attacks.

    That simple redirect prevents them from being able to extract a username from your site, simply, and easily.

    If you do it as I present it, it sends them to your 404 page.

    • This topic was modified 6 years, 9 months ago by dmkizer.
  • The topic ‘Security Bonus’ is closed to new replies.
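
A way to confirm the redirect from the post above is working on a site you administer, as an added example that is not part of the original post or the plugin's code. It assumes the default WordPress author permalink base `/author/<slug>/`; the names `classify`, `audit` and `site.example` are hypothetical, and the sample responses are constructed.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumption: default WordPress author permalink base ("/author/<slug>/").
AUTHOR_ARCHIVE = re.compile(r"/author/[^/]+/?$")
BLOCK_TARGET = "/no-such-user/"  # redirect target from the post above


class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; urllib then raises HTTPError for the 3xx


def fetch(url):
    """GET url once and return (status, Location header or None)."""
    try:
        with urllib.request.build_opener(_NoFollow).open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def classify(status, location):
    """Classify one response to /?author=N as 'exposed', 'blocked' or 'unclear'."""
    path = urlsplit(location or "").path
    if 300 <= status < 400 and path.rstrip("/").endswith(BLOCK_TARGET.rstrip("/")):
        return "blocked"
    if 300 <= status < 400 and AUTHOR_ARCHIVE.search(path):
        return "exposed"  # the Location header carries the author slug
    if status in (403, 404):
        return "blocked"
    return "unclear"  # e.g. 200: the redirect case does not apply, check the page by hand


def audit(base_url, ids=(1, 2, 3), fetch=fetch):
    """Return {author id: classification} for a site you administer."""
    base = base_url.rstrip("/")
    return {n: classify(*fetch(f"{base}/?author={n}")) for n in ids}


if __name__ == "__main__":
    # Constructed responses: an unprotected site, then one with the redirect in place.
    print(audit("https://site.example", fetch=lambda u: (301, "/author/jdoe/")))
    print(audit("https://site.example", fetch=lambda u: (301, BLOCK_TARGET)))
```

Run `audit("https://your-site")` without the `fetch` argument to query the live site; every id should come back as `blocked` once the wildcard redirect is active.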