Last active
October 19, 2019 02:40
-
-
Save alexmoise/d5d9073e6165d4e5ac098a184d5405e6 to your computer and use it in GitHub Desktop.
A single-function plugin to stop usernames enumeration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Stop Username Phishing | |
| * Plugin URI: https://gist.github.com/alexmoise/d5d9073e6165d4e5ac098a184d5405e6 | |
| * Description: A single-function plugin to stop usernames enumeration using author ID | |
| * Version: 1.0 | |
| * Author: Alex Moise | |
| * Author URI: https://moise.pro | |
| */ | |
| // just block user enumeration using author ID | |
| if (!is_admin()) { if (preg_match('/author=([0-9]*)/i', $_SERVER['QUERY_STRING'])) die(); | |
| add_filter('redirect_canonical', 'mo_block_user_enumeration', 10, 2); | |
| } | |
| function mo_block_user_enumeration($redirect, $request) { | |
| if (preg_match('/\?author=([0-9]*)(\/*)/i', $request)) die(); | |
| else return $redirect; | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment