User enumeration not stopped

  • Resolved wordbob77

    (@wordbob77)


    3 years, 9 months ago

    I’ve enabled user enumeration blocking. But pulling up this URL in a fresh browser enumerates all users still:

    https://www.MY WEBSITE ADDRESS.com/wp-json/wp/v2/users

Viewing 1 replies (of 1 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    When you enable Disable Users Enumeration it will prevent the following type of URLs yoursite.com/?author=3. It will display the following error message Accessing author info via link is forbidden.

    But pulling up this URL in a fresh browser enumerates all users still:
    https://www.MY WEBSITE ADDRESS.com/wp-json/wp/v2/users

    Judging from the above comment you need to enable the following feature Disallow Unauthorized REST Requests:. When enabled, the WP REST API protects against queries made to the rest api. eg: https://yoursite.com/wp-json/wp/v2/. When attempting to visit this URL, they will see the following error message You are not authorized to perform this action.

    Let me know if the above helps you.

    Thank you

Viewing 1 replies (of 1 total)
  • The topic ‘User enumeration not stopped’ is closed to new replies.