Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Tutorials

How Hackers Can Find your WordPress Username

by Sophie

September 14, 2020
Reading Time: 2 mins read
in Tutorials
How Hackers Can Find your WordPress Username

You’ve taken all the security precautions to hide your WordPress login and admin screens from hackers. You’ve also changed your default usernames and removed them from your theme. You still think that you are fine! Now, there’s no way a hacker can find your login usernames. Well think twice! You are wrong! Find below 2 methods that hackers can use to find your WordPress’ usernames just with a simple scan!

  1. Using /?author=1 Query Parameter
    1. Fix: Adding a Code Snippet to WordPress
  2. Using WordPress JSON REST Endpoint:/wp-json/wp/v2/users/1
    1. Fix: Disable via Code

1: Using /?author=1 Query Parameter: To fix this you will have to access your WordPress dashboard – Appearance – Theme Editor. On your right  panel look for the functions.php.

JUST BE CAREFUL AND DON’T MODIFY ANYTHING. ONLY ADD THE FOLLOWING SNIPPET OF CODE AT THE END OF THE FILE.

Save. Refresh and test again.

http://YOURSITE.COM/?author=1 

//START author paramenter//

function redirect_to_home_if_author_parameter() {

	$is_author_set = get_query_var( 'author', '' );
        if ( $is_author_set != '' && !is_admin()) {
           wp_redirect( home_url(), 301 );
exit;
	}
}
add_action( 'template_redirect', 'redirect_to_home_if_author_parameter' );

//END author paramenter//

 

2: Using WordPress JSON REST Endpoint:/wp-json/wp/v2/users/1: To fix this you will have to do the same steps as before and add the following snippet of code at the end of the file. Save. Refresh and test again.

http://YOURSITE.COM/wp-json/wp/v2/users/1

//START REMOVE JSON PARAMETER//

function disable_rest_endpoints ( $endpoints ) {
    if ( isset( $endpoints['/wp/v2/users'] ) ) {
        unset( $endpoints['/wp/v2/users'] );
    }
    if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) {
        unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
}
add_filter( 'rest_endpoints', 'disable_rest_endpoints');

//END REMOVE JSON PARAMETER//

 

Done! If you have any questions please don’t hesitate to reach out!

sophie(at)cybermaterial.com
Tags: functions.phpHackersWordpress
ADVERTISEMENT

Related Posts

Hands-On Web Application Security

Hands-On Web Application Security

October 17, 2025
How to Harden Privacy’s Settings on Social Media

How to Harden Privacy’s Settings on Social Media

April 16, 2023
How To Secure Your Twitter Account With Google Authenticator

How To Secure Your Twitter Account With Google Authenticator

March 30, 2023
How To Block Scam Calls – Tutorial

How To Block Scam Calls – Tutorial

March 24, 2023
How to assess the security of your email?

How to assess the security of your email?

March 16, 2023
How to create aliases to protect your real email on Microsoft Outloook

How to create aliases to protect your real email on Microsoft Outloook

March 13, 2023

Latest Alerts

Microsoft Pulls 200 Suspicious Certificates

NK Hackers Hide Malware In Blockchain

Hackers Spread Malware With Blockchain

Fortinet And Ivanti Patch Severe Flaws

Malicious VSCode Extensions Steal Crypto

Fake Password Manager Hijack PCs

Subscribe to our newsletter

    Latest Incidents

    Pro Hamas Hackers Target Airport Speakers

    Prosper Breach Hits 17 Million Accounts

    Sothebys Data Breach Exposes Customers

    F5 Reports Hackers Stole Source Code

    YouTube Down Globally With Playback Errors

    Spanish Retailer Mango Discloses Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial