Stop User Enumeration
By fullworks
Description
Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.
User enumeration is a type of attack where nefarious parties probe your website to discover your login name. This is often a precursor to brute-force password attacks. Stop User Enumeration helps block this initial attack and allows you to log the IPs launching these attacks so you can block further attacks in the future.
Tools like WPScan are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first. This plugin is designed to reduce the effectiveness of such tools when they are used without permission and, when used in conjunction with fail2ban, can block those attempts at the firewall.
If you are on a VPS or dedicated server, the attacking IP is logged, so you can use fail2ban to block the attack directly at your server's firewall. This is a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.
If you don't have access to install fail2ban, you can still use this plugin.
The plugin can stop the user id being leaked by the oEmbed API call.
Since WordPress 4.5, user data can also be obtained by API calls without logging in. This is a WordPress feature, but if you don't need it to get user data, this plugin will restrict and log that too.
Since WordPress 5.5, sitemaps are generated by WordPress core, including a user/author sitemap that exposes the user id. You can enable or disable this in the plugin settings.
This plugin includes an optional email feature for plugin news and updates. When enabled, your email address may be sent for important plugin updates and security notices. This is completely optional and requires your explicit consent via the opt-in form in the plugin settings.
The plugin logs attempted user enumeration attacks locally using WordPress's standard logging system. IP addresses of potential attackers are logged locally for security monitoring. These logs remain on your server and are not transmitted to any external service. Logs can be used with fail2ban or similar tools for enhanced security.
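The three leak points named above (oEmbed, the REST users endpoint, and the core user sitemap) can each be closed with a standard WordPress hook. The following is an added example, not the plugin's own code; the helper name `example_log_enumeration`, the log line format and the file location are assumptions made for illustration.

```php
<?php
/**
 * Added example, not the Stop User Enumeration plugin's code.
 * Assumed location: a must-use plugin file under wp-content/mu-plugins/.
 */

// Hypothetical helper. The log line format is constructed for this example.
// Behind a reverse proxy, REMOTE_ADDR is the proxy's address, not the client's.
function example_log_enumeration( string $vector ): void {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf( 'user-enumeration blocked vector=%s ip=%s', $vector, $ip ) );
}

// 1. oEmbed: drop the author fields from the oEmbed response data.
add_filter( 'oembed_response_data', function ( $data ) {
    unset( $data['author_name'], $data['author_url'] );
    return $data;
} );

// 2. REST API: refuse /wp/v2/users and /wp/v2/users/<id> for logged-out
//    requests. REST routes are matched case-insensitively, hence stripos().
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( null !== $result || is_user_logged_in() ) {
        return $result; // Already handled elsewhere, or an authenticated user.
    }
    if ( 0 === stripos( $request->get_route(), '/wp/v2/users' ) ) {
        example_log_enumeration( 'rest' );
        return new WP_Error(
            'rest_user_cannot_view',
            'Authentication required.',
            array( 'status' => 401 )
        );
    }
    return $result;
}, 10, 3 );

// 3. Sitemaps: remove the core "users" provider so no author sitemap is built.
add_filter( 'wp_sitemaps_add_provider', function ( $provider, $name ) {
    return 'users' === $name ? false : $provider;
}, 10, 2 );
```

Test the REST rule from a logged-out session, since it deliberately leaves logged-in requests alone.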
Other Notable Features
Here are a few other notable features of this free Stop User Enumeration plugin.
FAQ
Are you logged in? This plugin won’t do anything for logged-in users; it only works when you are logged out. This is the way it is designed. A common mistake is to install the plugin and test it while still logged in as admin.
Contributors and developers
“Stop User Enumeration” is open source software. The following people have contributed to this plugin.
WPS: 7.12 Very Good
Ratings: 4.9 out of 5 | 129
Version: 1.7.7
Last updated: 3 months ago
Active installations: 50,000+
WordPress version: 6.9.4 or higher
PHP version: 7.4 or higher
Languages: 3
Tags: Fail2ban, Security, User Enumeration, Wpscan