Stop User Enumeration - Version 1.2.2

Version Description

Added code to stop bypassing the check when a trailing slash is added

Download this release

Release Info

Developer llocally
Plugin Icon 128x128 Stop User Enumeration
Version 1.2.2
Comparing to
See all releases

Code changes from version 1.2.1 to 1.2.2

Files changed (2) hide show
  1. readme.txt +6 -2
  2. stop-user-enumeration.php +13 -6
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: llocally
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
4
  Tags: User Enumeration, Security, WPSCAN, fail2ban
5
  Requires at least: 3.4
6
- Tested up to: 3.7
7
- Stable tag: 1.2.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -40,6 +40,10 @@ bantime = 2500000`
40
  Adjusted to your own requirements.
41
 
42
  == Changelog ==
 
 
 
 
43
  = 1.2.1 =
44
  * minor change to handle a specific php issue with a certain version
45
 
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
4
  Tags: User Enumeration, Security, WPSCAN, fail2ban
5
  Requires at least: 3.4
6
+ Tested up to: 3.7.1
7
+ Stable tag: 1.2.2
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
40
  Adjusted to your own requirements.
41
 
42
  == Changelog ==
43
+ = 1.2.2 =
44
+
45
+ Added code to stop bypassing the check when a trailing slash is added
46
+
47
  = 1.2.1 =
48
  * minor change to handle a specific php issue with a certain version
49
 
stop-user-enumeration.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Stop User Enumeration
4
  Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
5
  Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
6
- Version: 1.2.1
7
  Author: llocally
8
  Author URI: http://llocally.com/wordpress-plugins/
9
  License: GPLv2 or later
@@ -25,15 +25,22 @@ along with this program; if not, write to the Free Software
25
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26
  */
27
 
 
 
28
  add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
29
  function ll_detect_enumeration ($redirect_url, $requested_url) {
30
- if (preg_match('/\?author=([0-9]*)/', $requested_url)===1) {
31
- openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
32
- syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
33
- closelog();
34
- wp_die('forbidden');
35
  } else {
36
  return $redirect_url;
37
  }
38
  }
 
 
 
 
 
 
 
 
39
  ?>
3
  Plugin Name: Stop User Enumeration
4
  Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
5
  Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
6
+ Version: 1.2.2
7
  Author: llocally
8
  Author URI: http://llocally.com/wordpress-plugins/
9
  License: GPLv2 or later
25
  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26
  */
27
 
28
+ if (preg_match('/author=([0-9]*)(\/*)/', $_SERVER['QUERY_STRING'])===1) ll_kill_enumeration();
29
+
30
  add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
31
  function ll_detect_enumeration ($redirect_url, $requested_url) {
32
+ if (preg_match('/\?author=([0-9]*)(\/*)/', $requested_url)===1) {
33
+ ll_kill_enumeration();
 
 
 
34
  } else {
35
  return $redirect_url;
36
  }
37
  }
38
+
39
+ function ll_kill_enumeration() {
40
+ openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
41
+ syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
42
+ closelog();
43
+ wp_die('forbidden');
44
+ }
45
+
46
  ?>