Join Jeff Starr for an in-depth discussion in this video Stop user enumeration, part of WordPress: Developing Secure Sites .
- [Narrator] User enumeration refers…to a technique that enables an attacker…to get the usernames that are registered at your site.…Once an attacker identifies a username,…they can use it to focus a brute force attack…against your login page and try to gain access…to the admin area.…This video shows you a quick way to prevent this…by disabling user enumeration on your site.…To see an example of how user enumeration works…let's visit the home page of our demo site.…In the address bar we can enter /?author=1…When this URL is requested, WordPress displays…the associated author archive page,…which displays all posts from the author…whose ID is one.…
This is how an attacker can get your username.…It shows right here in the address bar…and also in some themes right here…in the archive page itself.…Returning to the admin area,…we can check out the user profile screen…which shows that the display name is WordPress User.…This is the same name that we just…saw displayed on the author archive page…and this is the administrator's login username,…
Author
Jeff Starr
Released
9/16/2016- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome1m 3s
-
Using the exercise files2m 14s
-
-
1. Getting Started
-
Back up your site4m 6s
-
Restore your site5m 36s
-
Keep your site up to date4m 37s
-
-
2. Security Essentials
-
Implement strong passwords4m 28s
-
Understand users and roles3m 29s
-
Change and recover passwords3m 30s
-
Disable user registration2m 41s
-
-
3. Hardening WordPress
-
Prevent directory listings3m 59s
-
Remove version numbers3m 47s
-
Disable error display3m 7s
-
4. Improving Security with Plugins
-
Fight comment spam3m 25s
-
Secure your login page4m 34s
-
Stop user enumeration4m 50s
-
Monitor admin users4m 19s
-
Implement a firewall3m 6s
-
Block access6m 5s
-
Detect hacks7m 47s
-
-
5. Advanced Tips and Tricks
-
Stop file hotlinking4m 18s
-
Stop automated spam2m 32s
-
Control proxy access4m 21s
-
Control admin access4m 59s
-
-
6. Applying Best Practices
-
Choose a good host6m 16s
-
Further security techniques6m 55s
-
Conclusion
-
Next steps2m 9s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Stop user enumeration