• How is it that exclusively users already created in WordPress want to commit a “usurpation”? So far NEVER used another username!
    Uninstalled!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Type in your WordPress site in the browser and add /wp-json/wp/v2/users to the end of it. You will see the list of all of your users. You should disable that page!

    • This reply was modified 1 year, 9 months ago by WPChef.
    Thread Starter suziq407

    (@suziq407)

    Oops … many thanks. I found a solution for the functions.php. I will give Limit Login Attempts Reloaded a second chance.

    Thread Starter suziq407

    (@suziq407)

    When I disable wp-json, the Gutenberg editor doesn’t work anymore and many other things don’t work either. Since only the display names are visible via wp-json, but not the login names, I hardened the login names. Our passwords are complex anyway.

    The only thing I find interesting is that AFTER my entry here, login names that don’t appear in the output of wp-json are also used PLENTY, such as “root”, “subscriber”, “testing” and so on. This has NEVER been the case before!

    Do you have an explanation for this “phenomenon”?

    Plugin Author WPChef

    (@wpchefgadget)

    Besides “/wp-json/wp/v2/users”, bots also scrape websites and find usernames in the page content and URL slugs. Also, more detailed info can be read using this address: /wp-json/wp/v2/users/[user_id]. Just add it at the end of your website.

    Thread Starter suziq407

    (@suziq407)

    Bad answer!

    There is also no more information at https://www.domain.tld/wp-json/wp/v2/users/1. Why this hint?
    Our pages do not contain names (even URL) like “root”, “subscriber”, “testing”, also not “user”, “admin”, “demo” or “laura”.

    I have been watching your tool for many months, NEVER have there been names like above. NOW SUDDENLY there are. Very strange, isn’t it?

    I found your tip about the issues of ../wp-json/wp/v2/users very valuable, honestly. But please keep it serious. You wrote in another thread that you can’t make attacks, the PRO sales intent that would be an insinuation. I agree with you about the attacks. But emails with all kinds of names you (your plugin) can send anytime.

    I’m not saying your plugin doesn’t work. But PLEASE stay serious, then I’m sure more people will be very happy to buy your PRO version too, huh?

    Plugin Author WPChef

    (@wpchefgadget)

    Hi Suziq407,

    We apologize if we did not answer your question to your satisfaction. We are unsure what is going on to cause these unusual usernames. This is not caused by our plugin. If you’d like to dig into the issue further, you can find the corresponding IP address associated with the attack and learn more about its origin. Best of luck and thank you for your inquiry.

  • The topic ‘Only WP users as “inquirers”?’ is closed to new replies.
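
One way to dig into the question raised in this thread, as an added example that is not part of the original posts or of the plugin: compare the usernames seen in failed logins with the `name` and `slug` values your own `/wp-json/wp/v2/users` response returns, so you can tell attempts that match exposed names apart from generic guesses. The sample response, the attempt list and the small wordlist are constructed for illustration.

```python
import json

# Constructed sample: trimmed body saved from /wp-json/wp/v2/users.
USERS_JSON = """[
  {"id": 1, "name": "Jane Example", "slug": "jane-example",
   "link": "https://www.domain.tld/author/jane-example/"},
  {"id": 2, "name": "Site Editor", "slug": "editor01",
   "link": "https://www.domain.tld/author/editor01/"}
]"""

# Constructed sample: usernames copied from a failed-login log.
ATTEMPTS = ["jane-example", "Editor01", "root", "subscriber",
            "testing", "jane example", "xk39a"]

# Assumption: small stand-in for a generic guessing wordlist.
GENERIC = {"root", "subscriber", "testing", "user", "admin", "demo"}


def norm(value):
    """Lower-case and collapse whitespace so log and API values compare."""
    return " ".join(value.lower().split())


def exposed_names(users_json):
    """Collect every name-like value the users endpoint reveals."""
    data = json.loads(users_json)
    if not isinstance(data, list):  # an error object, e.g. when the route is blocked
        return set()
    names = set()
    for user in data:
        if not isinstance(user, dict):
            continue
        for field in ("slug", "name"):
            value = user.get(field)
            if isinstance(value, str) and value.strip():
                names.add(norm(value))
    return names


def classify(attempts, users_json, generic=GENERIC):
    """Sort attempted usernames into exposed / generic / other."""
    exposed = exposed_names(users_json)
    result = {"exposed": [], "generic": [], "other": []}
    for attempt in attempts:
        key = norm(attempt)
        bucket = "exposed" if key in exposed else "generic" if key in generic else "other"
        result[bucket].append(attempt)
    return result
```

A growing "generic" bucket alongside an empty "exposed" bucket points to dictionary guessing rather than names taken from the REST output.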