Title: Stop User Enumeration
Author: fullworks
Published: August 20, 2013
Last modified: December 15, 2025

---

![](https://ps.w.org/stop-user-enumeration/assets/banner-772x250.png?rev=1677695)

![](https://ps.w.org/stop-user-enumeration/assets/icon-256x256.png?rev=1677689)

# Stop User Enumeration

By [fullworks](https://profiles.wordpress.org/fullworks/)

[Download](https://downloads.wordpress.org/plugin/stop-user-enumeration.1.7.7.zip)

## Description

Stop User Enumeration is a security plugin designed to detect and prevent hackers
from scanning your site for user login names.

User enumeration is a type of attack where nefarious parties probe your website
to discover your login name. This is often a precursor to brute-force password
attacks. Stop User Enumeration helps block this initial attack and allows you to
log the IPs launching these attacks so that further attacks can be blocked in the future.

Tools like WPScan are designed for use by ethical hackers and make efforts to find
user login names. Ethical hackers ask permission first; this plugin is designed
to reduce the effectiveness of such tools when they are used without permission and,
when used in conjunction with fail2ban, can block those attempts at the firewall.

If you are on a VPS or dedicated server, the attack IP is logged, so you can use
fail2ban (optional additional configuration) to block the attack directly at your
server’s firewall, a very powerful solution for VPS owners to stop brute force attacks
as well as DDoS attacks.

If you don’t have access to install fail2ban (e.g. on a shared host) you can still
use this plugin.

The plugin can stop the user id being leaked by the oEmbed API call.

Since WordPress 4.5, user data can also be obtained by API calls without logging
in. This is a WordPress feature, but if you don’t need it to get user data, this
plugin will restrict and log that too.

Since WordPress 5.5 sitemaps are generated by core WP ( wp-sitemap.xml ) which includes
a user/author sitemap that exposes the user id. You can enable / disable this in
the plugin settings.

#### PHP 8.4 compatible

Tested on PHP 8.4

#### Features Include

 * Blocks user enumeration requests by GET or POST
 * Syslogs a block so Fail2Ban can be used to block an IP
 * Optionally blocks REST API user requests for non authorized users
 * Optionally removes author sitemap
 * Optionally removes author from oEmbed
 * Optionally removes numbers from comment authors

### Privacy

This plugin includes an optional email feature for plugin news and updates. When
enabled:

 * Your email address may be sent to https://fullworksplugins.com for important 
   plugin updates and security notices
 * This is completely optional and requires your explicit consent via the opt-in
   form in the plugin settings
 * No data is collected or transmitted without your permission
 * You can opt-out at any time from the plugin settings
 * No other personal data is collected or transmitted to external services

The plugin logs attempted user enumeration attacks locally using WordPress’s standard
logging system:

 * IP addresses of potential attackers are logged locally for security monitoring
 * These logs remain on your server and are not transmitted to any external service
 * Logs can be used with fail2ban or similar tools for enhanced security

For more information about data handling, please visit https://fullworksplugins.com/privacy-policy/

## Installation

This section describes how to install the plugin and get it working.

Either use the dashboard ‘Add Plugin’ feature to find, install and activate the
plugin, or:

 1. Download the plugin from the download link
 2. Upload the entire stop-user-enumeration directory to your website’s
    /wp-content/plugins/stop-user-enumeration using a file manager or FTP
 3. Activate the plugin through the Plugins menu

## FAQ

### It doesn’t seem to work!

Are you logged in? This plugin won’t do anything for logged in users, it only works
when you are logged out. This is the way it is designed. A common mistake is to 
install the plugin and test it, while still logged in as admin.

### My username still seems to be leaked!

Themes and xml feeds will include your user ‘Display Name’. If you do not specify
any name details or nick name, the ‘Display Name’ will default to your user login
name. Make sure your Display Name is always set NOT to your user name or it will
be leaked in multiple places.

### Are there any settings?

Yes, but the default ones are fine for most cases

### This doesn’t work with PHP 5.6 or 7.1!

This plugin does not support PHP less than 7.4. You really need to sort out your
hosting; running versions of software way past their supported end of life is a security
risk.

### Will it work on Multisite?

Yes

### Why don’t I just block with .htaccess?

A .htaccess solution is insufficient for several reasons: most published posts
on the subject do not cover POST blocking or REST API blocking, and they inadvertently
block admin users’ access. They also don’t log the IP to a firewall, which is the major benefit!

### Does it break anything?

If a comment is left by someone just giving a number, that comment would be forbidden,
as it is assumed to be a hack attempt, but the plugin has a bit of code that strips out
numbers from comment author names. Also, usernames containing numbers may not work
in the front end. Additionally, the default rule for the REST API is anything with users
in it, so other plugins may set up endpoints that match it.

### How can I change the REST API match rules?

There are two filters: `stop_user_enumeration_rest_stop_match`, set to `/users/i`
by default, and `stop_user_enumeration_rest_allowed_match`, set to `simple-jwt-login`
by default (to allow that plugin’s endpoints).
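
The two match rules can be checked against a site’s own REST routes before they are changed. The following is an added example, not the plugin’s code: it assumes a request is blocked when the stop pattern matches its path and the allowed pattern does not, and the sample routes, the `myshop` endpoint and the `sue_would_block` helper are hypothetical.

```php
<?php
// Added example: models the REST match rules described on this page.
// Assumption: a request is blocked when the stop pattern matches its path
// and the allowed pattern does not. This is not the plugin's own code.

const STOP_DEFAULT    = '/users/i';             // default stop pattern from this page
const ALLOWED_DEFAULT = '/simple-jwt-login/i';  // default exception from this page

function sue_would_block(string $path, string $stop, string $allowed): bool
{
    return preg_match($stop, $path) === 1 && preg_match($allowed, $path) !== 1;
}

// Constructed sample routes; "myshop" is a hypothetical third-party plugin whose
// endpoint happens to contain "users" and is caught by the default rule.
$routes = [
    '/wp-json/wp/v2/users',
    '/wp-json/wp/v2/users/1',
    '/wp-json/wp/v2/posts',
    '/wp-json/simple-jwt-login/v1/users',
    '/wp-json/myshop/v1/power-users-report',
];

// Exception list extended with only the one endpoint that must stay reachable.
$allowed_extended = '#simple-jwt-login|/myshop/v1/power-users-report#i';

if (function_exists('add_filter')) {
    // Inside WordPress (for example a must-use plugin): supply the exception.
    // A filter callback receives the current value as its first argument.
    add_filter(
        'stop_user_enumeration_rest_allowed_match',
        function ($pattern) use ($allowed_extended) {
            return $allowed_extended;
        }
    );
} else {
    // Stand-alone (php on the command line): show what each rule set would do.
    foreach ($routes as $path) {
        printf(
            "%-40s default=%-5s extended=%s\n",
            $path,
            sue_would_block($path, STOP_DEFAULT, ALLOWED_DEFAULT) ? 'block' : 'allow',
            sue_would_block($path, STOP_DEFAULT, $allowed_extended) ? 'block' : 'allow'
        );
    }
}
```

Keep any exception as narrow as the single endpoint that needs it, since every route it matches is no longer covered by the block rule.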

### Developer Hooks and Filters

The following hooks and filters are available for developers:

**Filters:**

 * `stop_user_enumeration_rest_stop_match` – Modify the pattern used to detect REST
   API user queries (default: `/users/i`)
 * `stop_user_enumeration_rest_allowed_match` – Add exceptions to the REST API blocking
   rules (default: `/simple-jwt-login/i`)
 * `stop_user_enumeration_ip` – Filter the detected IP address before logging or
   processing (useful for integration with CDNs or proxies)
 * `stop_user_enumeration_should_block` – Determine if a request should be blocked
   based on IP or other conditions (return false to allow the request)

**Actions:**

 * `stop_user_enumeration_attempt` – Triggered when user enumeration attempt is
   detected and logged (passes the IP address as parameter)

These hooks enable add-on features like limit login attempts, block lists, WAF notifications,
and integration with external services like Cloudflare.

### Do I need fail2ban for this to work?

No, but fail2ban will allow you to block IP addresses at your VPS / Dedicated server
firewall that attempt user enumeration.

### What is the fail2ban config?

A fail2ban config file, wordpress-userenum.conf, is found in the plugin directory
stop-user-enumeration/fail2ban/filter.d

### What needs to go in the fail2ban jail.local?

An example jail.local is found in the plugin directory stop-user-enumeration/fail2ban

### How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program.
The Patchstack team help validate, triage and handle any security vulnerabilities.
[Report a security vulnerability.](https://patchstack.com/database/vdp/stop-user-enumeration)

## Reviews

### [Excellent.](https://wordpress.org/support/topic/excelente-4231/)

 [Luis Feo](https://profiles.wordpress.org/luis-feo/) March 31, 2026 1 reply

Excellent. I recommend it. Fine!!

### [Great plug-in and easy to use](https://wordpress.org/support/topic/great-plug-in-and-easy-to-use-4/)

 [Zinster](https://profiles.wordpress.org/zinster/) March 16, 2026

Very helpful plug-in, thanks for developing it!

### [Seems good](https://wordpress.org/support/topic/seems-good-41/)

 [poppphoto](https://profiles.wordpress.org/poppphoto/) March 6, 2026

I have installed this plug-in about a month ago – seems it works fine, I have had
no trouble at all.

### [Good plugin](https://wordpress.org/support/topic/good-plugin-7291/)

 [marliesvaz](https://profiles.wordpress.org/marliesvaz/) February 11, 2026

I love it.

### [Good](https://wordpress.org/support/topic/%ce%ba%ce%b1%ce%bb%cf%8c-5/)

 [alecos2013](https://profiles.wordpress.org/alecos2013/) April 23, 2025 1 reply

It does what it should.

### [Simple and Delivers what it Promises](https://wordpress.org/support/topic/simple-and-delivers-what-it-promises/)

 [jeffw203](https://profiles.wordpress.org/jeffw203/) August 26, 2024

I’ve used this for years on dozens of sites. Blocking user enumeration should be
a standard option in WordPress core. Until that day, this is the low-footprint plugin
you need.

 [ Read all 130 reviews ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/)

## Contributors & Developers

“Stop User Enumeration” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ fullworks ](https://profiles.wordpress.org/fullworks/)
 *   [ Alan Fuller ](https://profiles.wordpress.org/alanfuller/)

“Stop User Enumeration” has been translated into 2 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/stop-user-enumeration/contributors)
for their contributions.

[Translate “Stop User Enumeration” into your language.](https://translate.wordpress.org/projects/wp-plugins/stop-user-enumeration)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/stop-user-enumeration/),
check out the [SVN repository](https://plugins.svn.wordpress.org/stop-user-enumeration/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/stop-user-enumeration/)
by [RSS](https://plugins.trac.wordpress.org/log/stop-user-enumeration/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

[Change Log](https://fullworksplugins.com/docs/stop-user-enumeration/usage-stop-user-enumeration/change-log-4/)

## Meta

 *  Version **1.7.7**
 *  Last updated **4 months ago**
 *  Active installations **50,000+**
 *  WordPress version **6.3 or higher**
 *  Tested up to **6.9.4**
 *  PHP version **7.4 or higher**
 *  Languages: [Dutch](https://nl.wordpress.org/plugins/stop-user-enumeration/), [English (US)](https://wordpress.org/plugins/stop-user-enumeration/),
    and [Swedish](https://sv.wordpress.org/plugins/stop-user-enumeration/).
 *  [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/stop-user-enumeration)
 *  Tags: [fail2ban](https://kn.wordpress.org/plugins/tags/fail2ban/), [security](https://kn.wordpress.org/plugins/tags/security/),
    [user enumeration](https://kn.wordpress.org/plugins/tags/user-enumeration/), [wpscan](https://kn.wordpress.org/plugins/tags/wpscan/)
 *  [Advanced View](https://kn.wordpress.org/plugins/stop-user-enumeration/advanced/)

## Ratings

 4.9 out of 5 stars.

 *  [  126 5-star reviews     ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/?filter=5)
 *  [  2 4-star reviews     ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/?filter=4)
 *  [  1 3-star review     ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/?filter=2)
 *  [  1 1-star review     ](https://wordpress.org/support/plugin/stop-user-enumeration/reviews/?filter=1)

## Support

Issues resolved in last two months:

     1 out of 2

 [View support forum](https://wordpress.org/support/plugin/stop-user-enumeration/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](https://www.buymeacoffee.com/wpdevalan)