Linux 软件免费装

WP Author Security

开发者 mgmsp
更新时间 2023年4月12日 15:32
PHP版本: 7.4 及以上
WordPress版本: 6.2
版权: GPLv3

标签

privacy security author wpscan user-enumeration

下载

1.4.0 1.3.0 1.2.1 1.4.1 1.5.0

详情介绍:

WP Author Security is a lightweight but powerful plugin to protect against user enumeration attacks on author pages and other places where valid user names can be obtained. By default, Wordpress will display some sensitive information on author pages. The author page is typically called by requesting the URI https://yourdomain.tld/?author=<id> or with permalinks https://yourdomain.tld/author/<username>. The page will include (depending on your theme) the full name (first and last name) as well as the username of the author which is used to log in to Wordpress. In some cases, it is not wanted to expose this information to the public. An attacker is able to brute force valid IDs or valid usernames. This information might be used for further attacks like social engineering attacks or log in brute force attacks with gathered usernames. However, when using the plugin and you disable author pages completely it must be noted that you need to take care that your active theme will not display the author name itself on posts like "Posted by admin" or something like that. This is something the plugin will not handle (at the moment). By using the extension, you are able to disable the author pages either completely or display them only when the author has at least one published post. When the page is disabled the default 404 error page of the active theme is displayed. In addition, the plugin will also protect other locations which are commonly used by attackers to gather valid user names. These are:

安装:

  1. Install the plugin via the Dashboard Plugins -> Add new or upload the plugin's folder 'wp-author-security' from the zip into your Wordpress plugin folder wp-content/plugins/ (e.g. via ftp)
  2. Activate the plugin in the Wordpress backend
  3. Customize the settings by navigating to Settings -> WP Author Security

屏幕截图:

  • 404 page when requesting author page by user ID.
  • Log in error message when the user name exists but a wrong password is entered.

升级注意事项:

No special actions required. Simply update the plugin and adjust settings for new configuration options.

更新日志:

1.5.0 1.4.1 1.4.0 1.3.0 1.2.1 1.2.0 1.1.0 1.0.0