Version Description
Fix to allow deprecated PHP Version 5.4 to work, as 5.4 seems to still be in common use despite end of life
Note this code wont work on PHP 5.3
Download this release
Release Info
| Developer | fullworks |
| Plugin |  Stop User Enumeration |
| Version | 1.3.7 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.6 to 1.3.7
- readme.txt +7 -1
- stop-user-enumeration.php +7 -4
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: fullworks
|
|
| 3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
| 4 |
Requires at least: 3.4
|
| 5 |
Tested up to: 4.7
|
| 6 |
-
Stable tag: 1.3.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -53,6 +53,12 @@ Adjusted to your own requirements.
|
|
| 53 |
|
| 54 |
== Changelog ==
|
| 55 |
=
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 |
= 1.3.6 =
|
| 57 |
|
| 58 |
Fix PHP error
|
| 3 |
Tags: User Enumeration, Security, WPSCAN, fail2ban
|
| 4 |
Requires at least: 3.4
|
| 5 |
Tested up to: 4.7
|
| 6 |
+
Stable tag: 1.3.7
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 53 |
|
| 54 |
== Changelog ==
|
| 55 |
=
|
| 56 |
+
= 1.3.7 =
|
| 57 |
+
|
| 58 |
+
Fix to allow deprecated PHP Version 5.4 to work, as 5.4 seems to still be in common use despite end of life
|
| 59 |
+
|
| 60 |
+
Note this code wont work on PHP 5.3
|
| 61 |
+
|
| 62 |
= 1.3.6 =
|
| 63 |
|
| 64 |
Fix PHP error
|
stop-user-enumeration.php
CHANGED
|
@@ -1,11 +1,11 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: Stop User Enumeration
|
| 4 |
-
Plugin URI: http://fullworks.net/
|
| 5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
| 6 |
-
Version: 1.3.
|
| 7 |
Author: Fullworks Digital Ltd
|
| 8 |
-
Author URI: http://fullworks.net
|
| 9 |
License: GPLv2 or later
|
| 10 |
*/
|
| 11 |
|
|
@@ -115,7 +115,7 @@ class Stop_User_Enumeration_Plugin {
|
|
| 115 |
*/
|
| 116 |
public function run_plugin() {
|
| 117 |
if ( ! is_user_logged_in() && isset($_REQUEST['author'])){
|
| 118 |
-
if(
|
| 119 |
$this->sue_log();
|
| 120 |
wp_die('forbidden - number in author name not allowed = ' . $_REQUEST['author']);
|
| 121 |
}
|
|
@@ -128,6 +128,9 @@ class Stop_User_Enumeration_Plugin {
|
|
| 128 |
|
| 129 |
}
|
| 130 |
}
|
|
|
|
|
|
|
|
|
|
| 131 |
public function only_allow_logged_in_rest_access_to_users ($access) {
|
| 132 |
if($this->wpsf->get_settings()['general_stop_rest_user'] == 1 ) {
|
| 133 |
if( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) {
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
Plugin Name: Stop User Enumeration
|
| 4 |
+
Plugin URI: http://fullworks.net/wordpress-plugins/
|
| 5 |
Description: User enumeration is a technique used by hackers to get your login name if you are using permalinks. This plugin stops that.
|
| 6 |
+
Version: 1.3.7
|
| 7 |
Author: Fullworks Digital Ltd
|
| 8 |
+
Author URI: http://fullworks.net/wordpress-plugins/
|
| 9 |
License: GPLv2 or later
|
| 10 |
*/
|
| 11 |
|
| 115 |
*/
|
| 116 |
public function run_plugin() {
|
| 117 |
if ( ! is_user_logged_in() && isset($_REQUEST['author'])){
|
| 118 |
+
if( $this->ContainsNumbers($_REQUEST['author'])) {
|
| 119 |
$this->sue_log();
|
| 120 |
wp_die('forbidden - number in author name not allowed = ' . $_REQUEST['author']);
|
| 121 |
}
|
| 128 |
|
| 129 |
}
|
| 130 |
}
|
| 131 |
+
private function ContainsNumbers($String){
|
| 132 |
+
return preg_match('/\\d/', $String) > 0;
|
| 133 |
+
}
|
| 134 |
public function only_allow_logged_in_rest_access_to_users ($access) {
|
| 135 |
if($this->wpsf->get_settings()['general_stop_rest_user'] == 1 ) {
|
| 136 |
if( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) {
|
