Restrict Username Fishing attack using Author IDs Scanning – WordPress Security Vulnerability
WordPress will display few sensitive information on the author pages, by default and it is very easy to discover usernames/author of WordPress account by simply calling the URL with the ?author=1 query in the browser. We call it as fishing attack.
Once the hackers knows the username of a registered WordPress account, especially an admin, It is easier to perform brute force attacks with passwords against the user, when they know the username.
Niraiya is built with cutting edge technology named INFINITY MATRIX ENGINE - A Futuristic and Multi-layered Secured platform.
We launched blogs for developers in Infinity Matrix team on September 21st 2020. From its launch, we started receiving many wordpress attack, especially Author ID Scanning fishing CyberAttack from Chinese Hackers. Those scannings are automatically blocked and logged by the engine by itself in details.
To block the access, add the code given below in .htaccess file in Wordpress site's root folder.
Program perform following actions,