Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Tutorials

How Hackers Can Find your WordPress Username

by Sophie

September 14, 2020
Reading Time: 2 mins read
in Tutorials
How Hackers Can Find your WordPress Username

You’ve taken all the security precautions to hide your WordPress login and admin screens from hackers. You’ve also changed your default usernames and removed them from your theme. You still think that you are fine! Now, there’s no way a hacker can find your login usernames. Well think twice! You are wrong! Find below 2 methods that hackers can use to find your WordPress’ usernames just with a simple scan!

  1. Using /?author=1 Query Parameter
    1. Fix: Adding a Code Snippet to WordPress
  2. Using WordPress JSON REST Endpoint:/wp-json/wp/v2/users/1
    1. Fix: Disable via Code

1: Using /?author=1 Query Parameter: To fix this you will have to access your WordPress dashboard – Appearance – Theme Editor. On your right  panel look for the functions.php.

JUST BE CAREFUL AND DON’T MODIFY ANYTHING. ONLY ADD THE FOLLOWING SNIPPET OF CODE AT THE END OF THE FILE.

Save. Refresh and test again.

http://YOURSITE.COM/?author=1 

//START author paramenter//

function redirect_to_home_if_author_parameter() {

	$is_author_set = get_query_var( 'author', '' );
        if ( $is_author_set != '' && !is_admin()) {
           wp_redirect( home_url(), 301 );
exit;
	}
}
add_action( 'template_redirect', 'redirect_to_home_if_author_parameter' );

//END author paramenter//

 

2: Using WordPress JSON REST Endpoint:/wp-json/wp/v2/users/1: To fix this you will have to do the same steps as before and add the following snippet of code at the end of the file. Save. Refresh and test again.

http://YOURSITE.COM/wp-json/wp/v2/users/1

//START REMOVE JSON PARAMETER//

function disable_rest_endpoints ( $endpoints ) {
    if ( isset( $endpoints['/wp/v2/users'] ) ) {
        unset( $endpoints['/wp/v2/users'] );
    }
    if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
        unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
}
add_filter( 'rest_endpoints', 'disable_rest_endpoints');

//END REMOVE JSON PARAMETER//

 

Done! If you have any questions please don’t hesitate to reach out!

sophie(at)cybermaterial.com
Tags: functions.phpHackersWordpress
ADVERTISEMENT

Related Posts

How to Harden Privacy’s Settings on Social Media

How to Harden Privacy’s Settings on Social Media

April 16, 2023
How To Secure Your Twitter Account With Google Authenticator

How To Secure Your Twitter Account With Google Authenticator

March 30, 2023
How To Block Scam Calls – Tutorial

How To Block Scam Calls – Tutorial

March 24, 2023
How to assess the security of your email?

How to assess the security of your email?

March 16, 2023
How to create aliases to protect your real email on Microsoft Outloook

How to create aliases to protect your real email on Microsoft Outloook

March 13, 2023
How To Use ProtonVPN To Browse The Internet

How To Use ProtonVPN To Browse The Internet

March 8, 2023

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial