ھي پلگ ان WordPress جي جديد 3 وڏين رليزز سان آزمايو نه ويو آھي. اهو ٿي سگهي ٿو وڌيڪ برقرار يا سپورٽ نه ٿي سگهي ۽ ٿي سگهي ٿو مطابقت جا مسئلا جڏهن ورڈپریس جي وڌيڪ تازي ورزن سان استعمال ڪيو وڃي.

No User Enumeration

وضاحت

In many WordPress installations is possible enumerate usernames through the author archives, using urls like this:

http://wpsite/?author=1

http://wpsite/?author=1/

http://wpsite/?bypass=1&author%00=1

http://wpsite/?author%00=%001

http://wpsite/?%61uthor=1

And recently wordpress since 4.7 comes with a rest api integrated that allow list users:

curl -s http://wpsite/wp-json/wp/v2/users/
curl -s http://wpsite/?rest_route=/wp/v2/users
curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users

Know the username of a administrator is the half battle, now an attacker only need guest the password.
This plugin stop it.

Also, is possible get usernames from the post entries.
This plugin, hide the name of the author in a post entry if he is not using a nickname.
Also, hide the url page link of an administrator author.

The main goal is hide the administrators usernames.
Obviously, is better not choose “admin” as the username because is easiliy guessable.

انسٽاليشن

  1. Upload no-user-enumeration to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

FAQ

.

جائزا

ھن پلگ ان لاءِ ڪي به رايا ناھن.

تعاون ڪندڙ & ڊولپرز

“No User Enumeration” اوپن سورس سافٽ ويئر آهي. ھيٺين ماڻھن ھن پلگ ان ۾ حصو ورتو آھي.

تعاون ڪندڙ

ترجمو ڪريو “No User Enumeration” توهان جي ٻولي ۾.

ڊولپمينٽ ۾ دلچسپي؟

ڪوڊ براؤز ڪريو، چيڪ ڪريو SVN مخزن، يا رڪنيت حاصل ڪريو ڊولپمينٽ لاگ پاران RSS.

لاگ تبدیل ڪريو

1.3.2

  • Using WP_DEBUG not emit undefined index notice.

1.3.1

  • Minor changes.

1.3

  • Fix bypass protection using this: curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users

1.2

  • Disallow list users using the rest api.
  • Compatibility with plugin WP All Import.

1.1

  • Hide admin usernames in post replies. Improved security.

1.0

  • First version.