Version Description
Added code to stop bypassing the check when a trailing slash is added
Download this release
Release Info
Developer | llocally |
Plugin | Stop User Enumeration |
Version | 1.2.2 |
Comparing to | |
See all releases |
Code changes from version 1.2.1 to 1.2.2
- readme.txt +6 -2
- stop-user-enumeration.php +13 -6
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: llocally
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
|
4 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
5 |
Requires at least: 3.4
|
6 |
-
Tested up to: 3.7
|
7 |
-
Stable tag: 1.2.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -40,6 +40,10 @@ bantime = 2500000`
|
|
40 |
Adjusted to your own requirements.
|
41 |
|
42 |
== Changelog ==
|
|
|
|
|
|
|
|
|
43 |
= 1.2.1 =
|
44 |
* minor change to handle a specific php issue with a certain version
|
45 |
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
|
4 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
5 |
Requires at least: 3.4
|
6 |
+
Tested up to: 3.7.1
|
7 |
+
Stable tag: 1.2.2
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
40 |
Adjusted to your own requirements.
|
41 |
|
42 |
== Changelog ==
|
43 |
+
= 1.2.2 =
|
44 |
+
|
45 |
+
Added code to stop bypassing the check when a trailing slash is added
|
46 |
+
|
47 |
= 1.2.1 =
|
48 |
* minor change to handle a specific php issue with a certain version
|
49 |
|
stop-user-enumeration.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
-
Version: 1.2.
|
7 |
Author: llocally
|
8 |
Author URI: http://llocally.com/wordpress-plugins/
|
9 |
License: GPLv2 or later
|
@@ -25,15 +25,22 @@ along with this program; if not, write to the Free Software
|
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
|
|
|
|
28 |
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
29 |
function ll_detect_enumeration ($redirect_url, $requested_url) {
|
30 |
-
if (preg_match('/\?author=([0-9]*)/', $requested_url)===1) {
|
31 |
-
|
32 |
-
syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
|
33 |
-
closelog();
|
34 |
-
wp_die('forbidden');
|
35 |
} else {
|
36 |
return $redirect_url;
|
37 |
}
|
38 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
39 |
?>
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
+
Version: 1.2.2
|
7 |
Author: llocally
|
8 |
Author URI: http://llocally.com/wordpress-plugins/
|
9 |
License: GPLv2 or later
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
28 |
+
if (preg_match('/author=([0-9]*)(\/*)/', $_SERVER['QUERY_STRING'])===1) ll_kill_enumeration();
|
29 |
+
|
30 |
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
31 |
function ll_detect_enumeration ($redirect_url, $requested_url) {
|
32 |
+
if (preg_match('/\?author=([0-9]*)(\/*)/', $requested_url)===1) {
|
33 |
+
ll_kill_enumeration();
|
|
|
|
|
|
|
34 |
} else {
|
35 |
return $redirect_url;
|
36 |
}
|
37 |
}
|
38 |
+
|
39 |
+
function ll_kill_enumeration() {
|
40 |
+
openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
|
41 |
+
syslog(LOG_INFO,"Attempted user enumeration from {$_SERVER['REMOTE_ADDR']}");
|
42 |
+
closelog();
|
43 |
+
wp_die('forbidden');
|
44 |
+
}
|
45 |
+
|
46 |
?>
|