Version Description
- be case insensitive when checking REST API
Download this release
Release Info
Developer | fullworks |
Plugin | Stop User Enumeration |
Version | 1.3.32 |
Comparing to | |
See all releases |
Code changes from version 1.3.31 to 1.3.32
- bootstrap.php +1 -2
- frontend/class-frontend.php +1 -1
- readme.txt +8 -5
- stop-user-enumeration.php +3 -1
bootstrap.php
CHANGED
@@ -2,7 +2,6 @@
|
|
2 |
|
3 |
|
4 |
namespace Stop_User_Enumeration;
|
5 |
-
// @TODO options for xforwarded
|
6 |
|
7 |
// If this file is called directly, abort.
|
8 |
use Stop_User_Enumeration\Includes\Core;
|
@@ -12,7 +11,7 @@ if ( ! defined( 'WPINC' ) ) {
|
|
12 |
die;
|
13 |
}
|
14 |
define( 'STOP_USER_ENUMERATION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
15 |
-
define( 'STOP_USER_ENUMERATION_PLUGIN_VERSION', '1.3.
|
16 |
|
17 |
|
18 |
// Include the autoloader so we can dynamically include the classes.
|
2 |
|
3 |
|
4 |
namespace Stop_User_Enumeration;
|
|
|
5 |
|
6 |
// If this file is called directly, abort.
|
7 |
use Stop_User_Enumeration\Includes\Core;
|
11 |
die;
|
12 |
}
|
13 |
define( 'STOP_USER_ENUMERATION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
14 |
+
define( 'STOP_USER_ENUMERATION_PLUGIN_VERSION', '1.3.2' );
|
15 |
|
16 |
|
17 |
// Include the autoloader so we can dynamically include the classes.
|
frontend/class-frontend.php
CHANGED
@@ -101,7 +101,7 @@ class FrontEnd {
|
|
101 |
|
102 |
public function only_allow_logged_in_rest_access_to_users( $access ) {
|
103 |
if ( 'on' === Core::sue_get_option( 'stop_rest_user', 'off' ) ) {
|
104 |
-
if ( ( preg_match( '/users/', $_SERVER['REQUEST_URI'] ) !== 0 ) || ( isset( $_REQUEST['rest_route'] ) && ( preg_match( '/users/', $_REQUEST['rest_route'] ) !== 0 ) ) ) {
|
105 |
if ( ! is_user_logged_in() ) {
|
106 |
$this->sue_log();
|
107 |
|
101 |
|
102 |
public function only_allow_logged_in_rest_access_to_users( $access ) {
|
103 |
if ( 'on' === Core::sue_get_option( 'stop_rest_user', 'off' ) ) {
|
104 |
+
if ( ( preg_match( '/users/i', $_SERVER['REQUEST_URI'] ) !== 0 ) || ( isset( $_REQUEST['rest_route'] ) && ( preg_match( '/users/i', $_REQUEST['rest_route'] ) !== 0 ) ) ) {
|
105 |
if ( ! is_user_logged_in() ) {
|
106 |
$this->sue_log();
|
107 |
|
readme.txt
CHANGED
@@ -1,10 +1,8 @@
|
|
1 |
=== Stop User Enumeration ===
|
2 |
Contributors: fullworks,alanfuller
|
3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban,
|
4 |
-
Requires at least: 4.6
|
5 |
-
Requires PHP: 5.6
|
6 |
Tested up to: 5.8
|
7 |
-
Stable tag: 1.3.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -63,10 +61,15 @@ An fail2ban config file, wordpress-userenum.conf is found in the plugin director
|
|
63 |
An example jail.local is found in plugin directory stop-user-enumeration/fail2ban
|
64 |
|
65 |
== Upgrade Notice ==
|
66 |
-
= 1.3.30 =
|
67 |
-
Upgrade to version 1.3.30 to disable author site maps - you will need to enable in settings (closes issue #6)
|
68 |
|
69 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
70 |
= 1.3.30 =
|
71 |
* option to remove author site maps
|
72 |
|
1 |
=== Stop User Enumeration ===
|
2 |
Contributors: fullworks,alanfuller
|
3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban,
|
|
|
|
|
4 |
Tested up to: 5.8
|
5 |
+
Stable tag: 1.3.32
|
6 |
License: GPLv2 or later
|
7 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
8 |
|
61 |
An example jail.local is found in plugin directory stop-user-enumeration/fail2ban
|
62 |
|
63 |
== Upgrade Notice ==
|
|
|
|
|
64 |
|
65 |
== Changelog ==
|
66 |
+
= 1.3.32 =
|
67 |
+
* be case insensitive when checking REST API
|
68 |
+
|
69 |
+
= 1.3.31 =
|
70 |
+
* Upgrade to version 1.3.30 to disable author site maps - you will need to enable in settings (closes issue #6)
|
71 |
+
|
72 |
+
|
73 |
= 1.3.30 =
|
74 |
* option to remove author site maps
|
75 |
|
stop-user-enumeration.php
CHANGED
@@ -3,8 +3,10 @@
|
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: https://fullworks.net/products/stop-user-enumeration/
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
-
Version: 1.3.
|
7 |
Author: Fullworks
|
|
|
|
|
8 |
Text Domain: stop-user-enumeration
|
9 |
Domain Path: /languages
|
10 |
Author URI: https://fullworks.net/
|
3 |
Plugin Name: Stop User Enumeration
|
4 |
Plugin URI: https://fullworks.net/products/stop-user-enumeration/
|
5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
6 |
+
Version: 1.3.32
|
7 |
Author: Fullworks
|
8 |
+
Requires at least: 4.6
|
9 |
+
Requires PHP: 5.6
|
10 |
Text Domain: stop-user-enumeration
|
11 |
Domain Path: /languages
|
12 |
Author URI: https://fullworks.net/
|