Disable Feeds And Hide Usernames
Disable Feeds And Hide Usernames removes the RSS feeds listed below. For a simple CMS site, feeds are not required.
* http://example.com/feed/
* http://example.com/feed/rss/
* http://example.com/feed/rss2/
* http://example.com/feed/rdf/
* http://example.com/feed/atom/
Why Hide WordPress Usernames
WordPress usernames can easily be guessed. A guessed username makes the attackers' life easier, especially in the case of a targeted WordPress hack attack. Attackers can use a tool such as WPScan to guess your WordPress username, or simply enter a URL such as the following:
http://www.example.com/?author=1
If the author ID is valid then they will be redirected to the author URL, for example:
http://www.example.com/author/admin
The above is possible even when you change the WordPress user IDs. For example, if you changed the user ID to 1000, then by requesting the URL http://www.example.com/?author=1000 the attacker can guess the username. This means that you would be delaying the guessing attack but not completely eliminating it.
WordPress usernames can also be found in the source of RSS feeds.
Disable Feeds And Hide Usernames hides the usernames to make it harder for the attacker.