Security Bonus

I almost always install this as if it were a core WP component, and I love it.

I came here today just to add this: Turn on Wildcards, and add the following redirect:

/?author=*
redirect to
/no-such-user/

(do not bother creating any page or folder called no-such user)

Adding /?author=1 or /?author=2 etc. to a WordPress URL will reveal the login name of a user, which bots and hackers will then use in brute-force attacks.

That simple redirect prevents them from being able to extract a username from your site, simply, and easily.

If you do it as I present it, it sends them to your 404 page.

• This topic was modified 6 years, 9 months ago by dmkizer.