Title: No User Enumeration Author: Carlos Published: 4 de Abril, 2016 Last modified: 23 de Outubro, 2019 --- Buscar plugins Este plugin **non se actualizou en máis de 2 anos**. É posible que xa non sexa compatible ou mantido por ninguén, ou podes ter problemas de compatibilidade cando se usa con novas versións de WordPress. ![](https://s.w.org/plugins/geopattern-icon/no-user-enumeration.svg) # No User Enumeration Por [Carlos](https://profiles.wordpress.org/carlost800/) [Descargar](https://downloads.wordpress.org/plugin/no-user-enumeration.1.3.2.zip) * [Detalles](https://gl.wordpress.org/plugins/no-user-enumeration/#description) * [Valoracións](https://gl.wordpress.org/plugins/no-user-enumeration/#reviews) * [Instalación](https://gl.wordpress.org/plugins/no-user-enumeration/#installation) * [Desenvolvemento](https://gl.wordpress.org/plugins/no-user-enumeration/#developers) [Soporte](https://wordpress.org/support/plugin/no-user-enumeration/) ## Descrición In many WordPress installations is possible enumerate usernames through the author archives, using urls like this: http://wpsite/?author=1 http://wpsite/?author=1/ http://wpsite/?bypass=1&author%00=1 http://wpsite/?author%00=%001 http://wpsite/?%61uthor=1 And recently wordpress since 4.7 comes with a rest api integrated that allow list users: curl -s http://wpsite/wp-json/wp/v2/users/ curl -s http://wpsite/?rest_route=/wp/ v2/users curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users Know the username of a administrator is the half battle, now an attacker only need guest the password. This plugin stop it. Also, is possible get usernames from the post entries. This plugin, hide the name of the author in a post entry if he is not using a nickname. Also, hide the url page link of an administrator author. The main goal is hide the administrators usernames. Obviously, is better not choose“ admin” as the username because is easiliy guessable. ## Instalación 1. Upload `no-user-enumeration` to the `/wp-content/plugins/` directory 2. Activate the plugin through the ‘Plugins’ menu in WordPress ## Preguntas frecuentes . ## Comentarios Non hai recensións para este plugin. ## Colaboradores e desenvolvedores “No User Enumeration” é un software de código aberto. As seguintes persoas colaboraron con este plugin. Colaboradores * [ Carlos ](https://profiles.wordpress.org/carlost800/) [Traduce “No User Enumeration” ao teu idioma.](https://translate.wordpress.org/projects/wp-plugins/no-user-enumeration) ### Interesado no desenvolvemento? [Revisa o código](https://plugins.trac.wordpress.org/browser/no-user-enumeration/), bota unha ollada ao[repositorio SVN](https://plugins.svn.wordpress.org/no-user-enumeration/), ou subscríbete ao [log de desenvolvemento](https://plugins.trac.wordpress.org/log/no-user-enumeration/) por [RSS](https://plugins.trac.wordpress.org/log/no-user-enumeration/?limit=100&mode=stop_on_copy&format=rss). ## Rexistro de cambios #### 1.3.2 * Using WP_DEBUG not emit undefined index notice. #### 1.3.1 * Minor changes. #### 1.3 * Fix bypass protection using this: curl http://wpsite/?_method=GET -d rest_route =/wp/v2/users #### 1.2 * Disallow list users using the rest api. * Compatibility with plugin WP All Import. #### 1.1 * Hide admin usernames in post replies. Improved security. #### 1.0 * First version. ## Meta * Versión **1.3.2** * Última actualización **Fai 6 anos** * Instalacións activas **200+** * Versión de WordPress ** 2.9 ou superior ** * Probado ata **5.2.24** * Idioma * [English (US)](https://wordpress.org/plugins/no-user-enumeration/) * Etiquetas * [security](https://gl.wordpress.org/plugins/tags/security/)[user enumeration](https://gl.wordpress.org/plugins/tags/user-enumeration/) [wpscan](https://gl.wordpress.org/plugins/tags/wpscan/) * [Vista avanzada](https://gl.wordpress.org/plugins/no-user-enumeration/advanced/) ## Valoracións Aínda non se enviaron valoracións. [Your review](https://wordpress.org/support/plugin/no-user-enumeration/reviews/#new-post) [Ver todas as valoracións](https://wordpress.org/support/plugin/no-user-enumeration/reviews/) ## Colaboradores * [ Carlos ](https://profiles.wordpress.org/carlost800/) ## Soporte Tes algo que dicir? Necesitas axuda? [Ver o foro de soporte](https://wordpress.org/support/plugin/no-user-enumeration/) ## Doar Queres apoiar o progreso deste plugin? [ Dona a este plugin ](https://gl.wordpress.org/plugins/no-user-enumeration/?output_format=md#)