[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fK-YX4MIAJ4kFXjhzN-2CjqkAyX6Eg_vx4uft_shr3Es":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"carlost800","Carlos","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarlost800\u002F",1,200,85,30,84,"2026-04-04T13:41:31.181Z",[14],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":21,"num_ratings":21,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":25,"download_link":30,"security_score":9,"vuln_count":21,"unpatched_count":21,"last_vuln_date":31,"fetched_at":32},"no-user-enumeration","No User Enumeration","1.3.2","\u003Cp>In many WordPress installations is possible enumerate usernames through the author archives, using urls like this:\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author=1\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author=1\u002F\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?bypass=1&author%00=1\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?author%00=%001\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fwpsite\u002F?%61uthor=1\u003C\u002Fp>\n\u003Cp>And recently wordpress since 4.7 comes with a rest api integrated that allow list users:\u003C\u002Fp>\n\u003Cp>curl -s http:\u002F\u002Fwpsite\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers\u002F\u003Cbr \u002F>\ncurl -s http:\u002F\u002Fwpsite\u002F?rest_route=\u002Fwp\u002Fv2\u002Fusers\u003Cbr \u002F>\ncurl http:\u002F\u002Fwpsite\u002F?_method=GET -d rest_route=\u002Fwp\u002Fv2\u002Fusers\u003C\u002Fp>\n\u003Cp>Know the username of a administrator is the half battle, now an attacker only need guest the password.\u003Cbr \u002F>\nThis plugin stop it.\u003C\u002Fp>\n\u003Cp>Also, is possible get usernames from the post entries.\u003Cbr \u002F>\nThis plugin, hide the name of the author in a post entry if he is not using a nickname.\u003Cbr \u002F>\nAlso, hide the url page link of an administrator author.\u003C\u002Fp>\n\u003Cp>The main goal is hide the administrators usernames.\u003Cbr \u002F>\nObviously, is better not choose “admin” as the username because is easiliy guessable.\u003C\u002Fp>\n","Stop user enumeration for security.",4695,0,"2019-10-23T03:11:00.000Z","5.2.24","2.9","",[27,28,29],"security","user-enumeration","wpscan","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-user-enumeration.1.3.2.zip",null,"2026-03-15T15:16:48.613Z"]