Popis
Disable Feeds And Hide Usernames
removes the rss feeds like below. For a simple CMS site it is not required.
* http://example.com/feed/
* http://example.com/feed/rss/
* http://example.com/feed/rss2/
* http://example.com/feed/rdf/
* http://example.com/feed/atom/
Why Hide WordPress Usernames
WordPress usernames can easily be guessed. If guessed it makes the attackers’ life easier especially in case of a targeted WordPress hack attack. Attackers can use a tool such as WPScan to guess your WordPress username or simply by entering a URL such as the following:
http://www.example.com/?author=1
If the author ID is valid then they will be redirected to the author URL, for example:
http://www.example.com/author/admin
The above is possible even when you change the WordPress user IDs. For example if you changed the user ID to 1000, then by requesting the URL http://www.example.com/?author=1000 the attacker can guess the username. This means that you would be delaying the guessing attack but not completely eliminating it.
WordPress usernames can also be found in the source of rss feeds.
Disable Feeds And Hide Usernames
hides the usernames to make it harder for the attacker.
Instalace
- Install using the WordPress built-in Plugin installer, or Extract the zip file and drop the contents in the
wp-content/plugins/directory of your WordPress installation. - Activate the plugin through the ‚Plugins‘ menu in WordPress.
Recenze
Autoři
Disable Feeds And Hide Usernames je otevřený software. Následující lidé přispěli k vývoji tohoto pluginu.
Spolupracovníci
Přeložte “Disable Feeds And Hide Usernames” do svého jazyka.
Zajímá vás vývoj?
Prohledejte kód, podívejte se do SVN repozitáře, nebo se přihlaste k odběru protokolu vývoje pomocí RSS.