Stop user enumeration

- [Narrator] User enumeration refers…to a technique that enables an attacker…to get the usernames that are registered at your site.…Once an attacker identifies a username,…they can use it to focus a brute force attack…against your login page and try to gain access…to the admin area.…This video shows you a quick way to prevent this…by disabling user enumeration on your site.…To see an example of how user enumeration works…let's visit the home page of our demo site.…In the address bar we can enter /?author=1…When this URL is requested, WordPress displays…the associated author archive page,…which displays all posts from the author…whose ID is one.…

This is how an attacker can get your username.…It shows right here in the address bar…and also in some themes right here…in the archive page itself.…Returning to the admin area,…we can check out the user profile screen…which shows that the display name is WordPress User.…This is the same name that we just…saw displayed on the author archive page…and this is the administrator's login username,…