Version Description
- Added code to check whether not admin (to stop admin features failing) and changed trailing slash code to trap situation where no posts are found and user is displayed in title
Release Info
Developer | llocally |
Plugin | Stop User Enumeration |
Version | 1.2.4 |
Code changes from version 1.2.3 to 1.2.4
- readme.txt +13 -4
- stop-user-enumeration.php +5 -2
readme.txt
CHANGED
@@ -3,8 +3,8 @@ Contributors: llocally
|
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
|
4 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
5 |
Requires at least: 3.4
|
6 |
-
Tested up to: 3.
|
7 |
-
Stable tag: 1.2.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -40,11 +40,20 @@ bantime = 2500000`
|
|
40 |
Adjusted to your own requirements.
|
41 |
|
42 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
43 |
= 1.2.3 =
|
44 |
-
|
|
|
|
|
|
|
45 |
= 1.2.2 =
|
46 |
|
47 |
-
Added code to stop bypassing the check when a trailing slash is added
|
48 |
|
49 |
= 1.2.1 =
|
50 |
* minor change to handle a specific php issue with a certain version
|
3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ZEWW5LKK5995J
|
4 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
5 |
Requires at least: 3.4
|
6 |
+
Tested up to: 3.9
|
7 |
+
Stable tag: 1.2.4
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
40 |
Adjusted to your own requirements.
|
41 |
|
42 |
== Changelog ==
|
43 |
+
=
|
44 |
+
= 1.2.4 =
|
45 |
+
|
46 |
+
* Added code to check whether not admin (to stop admin features failing) and changed trailing slash code to trap situation where not posts are found and user is displayed in title
|
47 |
+
|
48 |
+
|
49 |
= 1.2.3 =
|
50 |
+
|
51 |
+
|
52 |
+
* Fixed bug that stopped export in admin
|
53 |
+
|
54 |
= 1.2.2 =
|
55 |
|
56 |
+
* Added code to stop bypassing the check when a trailing slash is added
|
57 |
|
58 |
= 1.2.1 =
|
59 |
* minor change to handle a specific php issue with a certain version
|
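Review bot: The 1.2.4 changelog entry added at new line 46 reads "where not posts are found", which should be "no posts". The entry also describes two separate changes in one bullet (the is_admin check and the trailing slash handling); splitting it into two bullets would make the changelog easier to scan and would match the one-change-per-bullet style of the 1.2.3 and 1.2.2 entries below it.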
stop-user-enumeration.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
-
Version: 1.2.
|
7 |
Author: llocally
|
8 |
Author URI: http://llocally.com/wordpress-plugins/
|
9 |
License: GPLv2 or later
|
@@ -25,7 +25,10 @@ along with this program; if not, write to the Free Software
|
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
28 |
-
if (
|
|
|
|
|
|
|
29 |
|
30 |
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
31 |
function ll_detect_enumeration ($redirect_url, $requested_url) {
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: http://llocally.com/wordpress-plugins/stop-user-enumeration
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
+
Version: 1.2.4
|
7 |
Author: llocally
|
8 |
Author URI: http://llocally.com/wordpress-plugins/
|
9 |
License: GPLv2 or later
|
25 |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
26 |
*/
|
27 |
|
28 |
+
if ( ! is_admin()){
|
29 |
+
if (preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING'])===1) ll_kill_enumeration();
|
30 |
+
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
31 |
+
}
|
32 |
|
33 |
add_filter('redirect_canonical','ll_detect_enumeration', 10,2);
|
34 |
function ll_detect_enumeration ($redirect_url, $requested_url) {
|
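Review bot: The unchanged add_filter('redirect_canonical','ll_detect_enumeration', 10,2); at new line 33 still runs unconditionally after the new if ( ! is_admin()){ ... } block, so as shown in this hunk the filter is registered on admin requests as well and the copy added inside the guard at line 30 is redundant. If the intent is to keep the plugin out of admin, remove the call outside the block. In the added line 29, [0-9]* also matches zero digits and the pattern is not anchored to a parameter boundary, so any query string that merely contains "author=" (a non-numeric value, or another parameter whose name ends in "author") calls ll_kill_enumeration(); using [0-9]+ with a (^|&) prefix would limit the match to a numeric author parameter. $_SERVER['QUERY_STRING'] is also read without an isset() check.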