Username revealed in author scan

  • Resolved eddyferns

    (@eddyferns)


    4 years ago

    Hi,
    Username is getting revealed in WP Scan. Below is the output:
    Found By: Author Sitemap (Aggressive Detection)
    https://www.site1.com/wp-sitemap-users-1.xml

    Protect against username enumeration is enabled for all below:
    Through the author archives
    Through the login page
    Through the blog feed
    Through the WordPress REST API
    WordPress REST API Block any access to the API *
    WordPress XML-RPC API Block any access to the API *

    Regards,
    Ed

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Add this code to the ‘ninjafirewall/lib/utils.php’ script, anywhere below line 20:

    add_filter( 'wp_sitemaps_add_provider', function ($provider, $name) {
  if ( $name == 'users' ) {
     return false;
  }
  return $provider;
}, 999, 2);

    Then let me know if that solves the issue and I’ll add it to the next release.

    Thread Starter eddyferns

    (@eddyferns)

    Excellent!

    No users revealed.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Username revealed in author scan’ is closed to new replies.