Welcome to ManageWP.org

Register to share, discuss and vote for the best WordPress stories every day, find new ideas and inspiration for your business and network with other members of the WordPress community. Join the #1 WordPress news community!

×

WordPress Username Enumeration - Vulnerability or Not?

Is WordPress username disclosure a security vulnerability or not | Oct. 22, 2015 | 1 min read

This has been discussed several times in the past and the community have a divided opinion on this. Since it was never mentioned here was wondering what this community thinks of this subject. Comments and more than welcome.

4 votes   Flag
Dipak C. Gajjar Ⓦ

The link/URL seems broken. :(

Reply
robert Abela

Oops. Do not know what happened there. Here is the URL: www.wpwhitesecurity.com/wordpress-security/wordpress-username-disclosure-vulnerability/

Reply
Paul G

This can all be mitigated with a decent security plugin. This one will change your failed login message if you enable login protection, and it also prevents username fishing using the User ID: wordpress.org/plugins/wp-simple-firewall/

Reply
robert Abela

No need for a plugin, it can be mitigated with a simple 2 line of code. But that is not the point of the article. The article is trying to highlight if such issue should be considered a vulnerability or not. With other vendors it was always considered as a vulnerability though in WordPress the developers are not even acknowledging it.

Reply