
Restricting WordPress Fishing attack By Author ID Scanning


Restrict Username Fishing attack using Author IDs Scanning – WordPress Security Vulnerability

By default, WordPress displays some sensitive information on author pages, and it is very easy to discover the usernames/authors of WordPress accounts by simply calling the URL with the ?author=1 query in the browser. We call this a fishing attack.

https://yourdomain.wordpress.com/?author=

or

https://yourdomain.wordpress.com/author/

Once hackers know the username of a registered WordPress account, especially an admin account, it is easier for them to perform brute-force password attacks against that user.

Funny Author ID Scanning on Niraiya Email Accounts

Niraiya is built with cutting-edge technology named INFINITY MATRIX ENGINE - a futuristic and multi-layered secured platform.

AuthorID Scanning on Niraiya

We launched blogs for developers in the Infinity Matrix team on September 21st, 2020. Since the launch, we have been receiving many WordPress attacks, especially Author ID Scanning fishing cyberattacks from Chinese hackers. These scans are automatically blocked and logged in detail by the engine itself.

How to prevent Author ID scanning in WordPress

To block this access, add the code given below to the .htaccess file in the WordPress site's root folder.

Block User ID Phishing Requests

The program performs the following actions:

  1. Checks whether mod_rewrite is available in the root folder.
  2. Checks whether the query string starts with author=, followed by any number or username.
  3. If such a request is sent, it is redirected to the location you specify (change http://yourdomain.wordpress.com to match your URL).
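An .htaccess rule that carries out the three steps above, given here as an added example rather than the original post's code. The /wp-admin/ exclusion, the match on author= after an "&", and a site installed at the web root are assumptions that go beyond the description.

```apache
# Added example, not the original post's code.
# Place this above the "# BEGIN WordPress" block so it is evaluated first.

# Step 1: apply the rules only if mod_rewrite is loaded.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Assumption: skip /wp-admin/, where the dashboard's own post list
    # filters by ?author=N for logged-in users.
    RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]

    # Step 2: match author=<number or name>, either as the first
    # parameter or after an "&" (slightly wider than "starts with").
    RewriteCond %{QUERY_STRING} (^|&)author=[^&]+ [NC]

    # Step 3: redirect to the site root. The trailing "?" drops the
    # query string so the author parameter is not carried over.
    # Change the URL to match your site.
    RewriteRule ^ http://yourdomain.wordpress.com/? [R=302,L]
</IfModule>
```

This rule covers only the ?author= query form; requests to /author/ archive URLs are not touched by it.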