Title: No User Enumeration Author: Carlos Published: 4 balandžio, 2016 Last modified: 23 spalio, 2019 --- Ieškoti įskiepiuose Šis įskiepis **nebuvo išbandytas su 3 vėliausiomis WordPress versijomis**. Jis tikriausiai nėra prižiūrimas ir palaikomas, todėl gali neveikti su naujausiomis WordPress versijomis. ![](https://s.w.org/plugins/geopattern-icon/no-user-enumeration.svg) # No User Enumeration Autorius [Carlos](https://profiles.wordpress.org/carlost800/) [Parsisiųsti](https://downloads.wordpress.org/plugin/no-user-enumeration.1.3.2.zip) * [Informacija](https://lt.wordpress.org/plugins/no-user-enumeration/#description) * [Atsiliepimai](https://lt.wordpress.org/plugins/no-user-enumeration/#reviews) * [Diegimas](https://lt.wordpress.org/plugins/no-user-enumeration/#installation) * [Kūrimas](https://lt.wordpress.org/plugins/no-user-enumeration/#developers) [Pagalba](https://wordpress.org/support/plugin/no-user-enumeration/) ## Aprašymas In many WordPress installations is possible enumerate usernames through the author archives, using urls like this: http://wpsite/?author=1 http://wpsite/?author=1/ http://wpsite/?bypass=1&author%00=1 http://wpsite/?author%00=%001 http://wpsite/?%61uthor=1 And recently wordpress since 4.7 comes with a rest api integrated that allow list users: curl -s http://wpsite/wp-json/wp/v2/users/ curl -s http://wpsite/?rest_route=/wp/ v2/users curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users Know the username of a administrator is the half battle, now an attacker only need guest the password. This plugin stop it. Also, is possible get usernames from the post entries. This plugin, hide the name of the author in a post entry if he is not using a nickname. Also, hide the url page link of an administrator author. The main goal is hide the administrators usernames. Obviously, is better not choose„ admin” as the username because is easiliy guessable. ## Diegimas 1. Upload `no-user-enumeration` to the `/wp-content/plugins/` directory 2. Aktyvuokite įskiepį per WordPress meniu „Įskiepiai” ## DUK . ## Atsiliepimai Įskiepis neturi atsiliepimų. ## Programuotojai ir komandos nariai “No User Enumeration” yra atviro kodo programa. Prie jos sukūrimo prisidėję žmonės surašyti toliau. Autoriai * [ Carlos ](https://profiles.wordpress.org/carlost800/) [Išverskite “No User Enumeration” į savo kalbą.](https://translate.wordpress.org/projects/wp-plugins/no-user-enumeration) ### Domina programavimas? [Peržiūrėkite kodą](https://plugins.trac.wordpress.org/browser/no-user-enumeration/), naršykite [SVN repozitorijoje](https://plugins.svn.wordpress.org/no-user-enumeration/), arba užsiprenumeruokite [kodo pakeitimų žurnalą](https://plugins.trac.wordpress.org/log/no-user-enumeration/) per [RSS](https://plugins.trac.wordpress.org/log/no-user-enumeration/?limit=100&mode=stop_on_copy&format=rss). ## Pakeitimų istorija #### 1.3.2 * Using WP_DEBUG not emit undefined index notice. #### 1.3.1 * Minor changes. #### 1.3 * Fix bypass protection using this: curl http://wpsite/?_method=GET -d rest_route =/wp/v2/users #### 1.2 * Disallow list users using the rest api. * Compatibility with plugin WP All Import. #### 1.1 * Hide admin usernames in post replies. Improved security. #### 1.0 * First version. ## Metainformacija * Version **1.3.2** * Atnaujinta **prieš 7 metai** * Aktyvių instaliacijų **100+** * WordPress versija ** 2.9 ar naujesnė ** * Ištestuota iki **5.2.24** * Kalba * [English (US)](https://wordpress.org/plugins/no-user-enumeration/) * Žymos * [security](https://lt.wordpress.org/plugins/tags/security/)[user enumeration](https://lt.wordpress.org/plugins/tags/user-enumeration/) [wpscan](https://lt.wordpress.org/plugins/tags/wpscan/) * [Daugiau](https://lt.wordpress.org/plugins/no-user-enumeration/advanced/) ## Įvertinimai No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/no-user-enumeration/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/no-user-enumeration/reviews/) ## Autoriai * [ Carlos ](https://profiles.wordpress.org/carlost800/) ## Pagalba Turite pastabų? Reikia pagalbos? [Peržiūrėti pagalbos forumą](https://wordpress.org/support/plugin/no-user-enumeration/) ## Paremkite Galbūt norite padėti plėtoti šį įskiepį? [ Paremti įskiepio kūrimą ](https://lt.wordpress.org/plugins/no-user-enumeration/?output_format=md#)