As of April 2026, No User Enumeration is a WordPress wpscan plugin with 200 active installations and a 0/5 rating. It has been downloaded 4.7K+ times in total. It requires WordPress 2.9+ and specifies no minimum PHP version. Available on WordPress.org since 2016. Last updated 6 years ago, so it may have compatibility concerns. Top alternative: Stop User Enumeration.
In many WordPress installations it is possible to enumerate usernames through the author archives, using URLs like these:
http://wpsite/?author=1
http://wpsite/?author=1/
http://wpsite/?bypass=1&author%00=1
http://wpsite/?author%00=%001
http://wpsite/?%61uthor=1
Since version 4.7, WordPress also ships with an integrated REST API that allows listing users:
curl -s http://wpsite/wp-json/wp/v2/users/
curl -s http://wpsite/?rest_route=/wp/v2/users
curl http://wpsite/?_method=GET -d rest_route=/wp/v2/users
Knowing an administrator's username is half the battle; an attacker then only needs to guess the password.
This plugin stops it.
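When reviewing access logs, the request shapes listed above reduce to two checks once parameter names and values are percent-decoded and NUL bytes are dropped. The following Python is an added example, not code from the plugin; `classify`, `scan` and the sample data are hypothetical names constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

REST_USERS = "/wp/v2/users"


def _norm(text):
    """Lower-case and drop NUL bytes (the author%00 / %001 variants)."""
    return text.replace("\x00", "").strip().lower()


def classify(url, body=""):
    """Return 'author-archive', 'rest-users' or None; body is a form-encoded POST body."""
    parts = urlsplit(url)
    if "/wp-json" + REST_USERS in _norm(unquote(parts.path)):
        return "rest-users"
    # parse_qsl percent-decodes names and values, so %61uthor becomes author.
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)  # the _method=GET variant
    for name, value in params:
        name, value = _norm(name), _norm(value)
        if name == "author" and value.rstrip("/").isdigit():
            return "author-archive"
        if name == "rest_route" and value.startswith(REST_USERS):
            return "rest-users"
    return None


# Constructed sample: the request shapes listed above plus two benign requests.
SAMPLE = [
    ("http://wpsite/?author=1", ""),
    ("http://wpsite/?author=1/", ""),
    ("http://wpsite/?bypass=1&author%00=1", ""),
    ("http://wpsite/?author%00=%001", ""),
    ("http://wpsite/?%61uthor=1", ""),
    ("http://wpsite/wp-json/wp/v2/users/", ""),
    ("http://wpsite/?rest_route=/wp/v2/users", ""),
    ("http://wpsite/?_method=GET", "rest_route=/wp/v2/users"),
    ("http://wpsite/?p=12", ""),
    ("http://wpsite/wp-json/wp/v2/posts", ""),
]


def scan(requests):
    return [classify(url, body) for url, body in requests]


if __name__ == "__main__":
    for (url, body), label in zip(SAMPLE, scan(SAMPLE)):
        print(f"{label or '-':<15} {url} {body}")
```

Matching on the raw query string instead of the decoded parameter names would miss the `%61uthor` and `author%00` forms.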
It is also possible to get usernames from post entries.
This plugin hides the author's name in a post entry if the author is not using a nickname.
It also hides the URL page link of a…
| WordPress | 2.9+ required; tested up to 5.2.24 |
| PHP | no minimum version specified |
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.