Version Description
- be case insensitive when checking REST API
Download this release
Release Info
| Developer | fullworks |
| Plugin |  Stop User Enumeration |
| Version | 1.3.32 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.31 to 1.3.32
- bootstrap.php +1 -2
- frontend/class-frontend.php +1 -1
- readme.txt +8 -5
- stop-user-enumeration.php +3 -1
bootstrap.php
CHANGED
|
@@ -2,7 +2,6 @@
|
|
| 2 |
|
| 3 |
|
| 4 |
namespace Stop_User_Enumeration;
|
| 5 |
-
// @TODO options for xforwarded
|
| 6 |
|
| 7 |
// If this file is called directly, abort.
|
| 8 |
use Stop_User_Enumeration\Includes\Core;
|
|
@@ -12,7 +11,7 @@ if ( ! defined( 'WPINC' ) ) {
|
|
| 12 |
die;
|
| 13 |
}
|
| 14 |
define( 'STOP_USER_ENUMERATION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
| 15 |
-
define( 'STOP_USER_ENUMERATION_PLUGIN_VERSION', '1.3.
|
| 16 |
|
| 17 |
|
| 18 |
// Include the autoloader so we can dynamically include the classes.
|
| 2 |
|
| 3 |
|
| 4 |
namespace Stop_User_Enumeration;
|
|
|
|
| 5 |
|
| 6 |
// If this file is called directly, abort.
|
| 7 |
use Stop_User_Enumeration\Includes\Core;
|
| 11 |
die;
|
| 12 |
}
|
| 13 |
define( 'STOP_USER_ENUMERATION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
| 14 |
+
define( 'STOP_USER_ENUMERATION_PLUGIN_VERSION', '1.3.2' );
|
| 15 |
|
| 16 |
|
| 17 |
// Include the autoloader so we can dynamically include the classes.
|
frontend/class-frontend.php
CHANGED
|
@@ -101,7 +101,7 @@ class FrontEnd {
|
|
| 101 |
|
| 102 |
public function only_allow_logged_in_rest_access_to_users( $access ) {
|
| 103 |
if ( 'on' === Core::sue_get_option( 'stop_rest_user', 'off' ) ) {
|
| 104 |
-
if ( ( preg_match( '/users/', $_SERVER['REQUEST_URI'] ) !== 0 ) || ( isset( $_REQUEST['rest_route'] ) && ( preg_match( '/users/', $_REQUEST['rest_route'] ) !== 0 ) ) ) {
|
| 105 |
if ( ! is_user_logged_in() ) {
|
| 106 |
$this->sue_log();
|
| 107 |
|
| 101 |
|
| 102 |
public function only_allow_logged_in_rest_access_to_users( $access ) {
|
| 103 |
if ( 'on' === Core::sue_get_option( 'stop_rest_user', 'off' ) ) {
|
| 104 |
+
if ( ( preg_match( '/users/i', $_SERVER['REQUEST_URI'] ) !== 0 ) || ( isset( $_REQUEST['rest_route'] ) && ( preg_match( '/users/i', $_REQUEST['rest_route'] ) !== 0 ) ) ) {
|
| 105 |
if ( ! is_user_logged_in() ) {
|
| 106 |
$this->sue_log();
|
| 107 |
|
readme.txt
CHANGED
|
@@ -1,10 +1,8 @@
|
|
| 1 |
=== Stop User Enumeration ===
|
| 2 |
Contributors: fullworks,alanfuller
|
| 3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban,
|
| 4 |
-
Requires at least: 4.6
|
| 5 |
-
Requires PHP: 5.6
|
| 6 |
Tested up to: 5.8
|
| 7 |
-
Stable tag: 1.3.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -63,10 +61,15 @@ An fail2ban config file, wordpress-userenum.conf is found in the plugin director
|
|
| 63 |
An example jail.local is found in plugin directory stop-user-enumeration/fail2ban
|
| 64 |
|
| 65 |
== Upgrade Notice ==
|
| 66 |
-
= 1.3.30 =
|
| 67 |
-
Upgrade to version 1.3.30 to disable author site maps - you will need to enable in settings (closes issue #6)
|
| 68 |
|
| 69 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 70 |
= 1.3.30 =
|
| 71 |
* option to remove author site maps
|
| 72 |
|
| 1 |
=== Stop User Enumeration ===
|
| 2 |
Contributors: fullworks,alanfuller
|
| 3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban,
|
|
|
|
|
|
|
| 4 |
Tested up to: 5.8
|
| 5 |
+
Stable tag: 1.3.32
|
| 6 |
License: GPLv2 or later
|
| 7 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 8 |
|
| 61 |
An example jail.local is found in plugin directory stop-user-enumeration/fail2ban
|
| 62 |
|
| 63 |
== Upgrade Notice ==
|
|
|
|
|
|
|
| 64 |
|
| 65 |
== Changelog ==
|
| 66 |
+
= 1.3.32 =
|
| 67 |
+
* be case insensitive when checking REST API
|
| 68 |
+
|
| 69 |
+
= 1.3.31 =
|
| 70 |
+
* Upgrade to version 1.3.30 to disable author site maps - you will need to enable in settings (closes issue #6)
|
| 71 |
+
|
| 72 |
+
|
| 73 |
= 1.3.30 =
|
| 74 |
* option to remove author site maps
|
| 75 |
|
stop-user-enumeration.php
CHANGED
|
@@ -3,8 +3,10 @@
|
|
| 3 |
Plugin Name: Stop User Enumeration
|
| 4 |
Plugin URI: https://fullworks.net/products/stop-user-enumeration/
|
| 5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
| 6 |
-
Version: 1.3.
|
| 7 |
Author: Fullworks
|
|
|
|
|
|
|
| 8 |
Text Domain: stop-user-enumeration
|
| 9 |
Domain Path: /languages
|
| 10 |
Author URI: https://fullworks.net/
|
| 3 |
Plugin Name: Stop User Enumeration
|
| 4 |
Plugin URI: https://fullworks.net/products/stop-user-enumeration/
|
| 5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
| 6 |
+
Version: 1.3.32
|
| 7 |
Author: Fullworks
|
| 8 |
+
Requires at least: 4.6
|
| 9 |
+
Requires PHP: 5.6
|
| 10 |
Text Domain: stop-user-enumeration
|
| 11 |
Domain Path: /languages
|
| 12 |
Author URI: https://fullworks.net/
|
