I have a fairly simple WP site with WPf2b set up since I launched.
Today I noticed the dashboard showing the latest from the logs:
Those are some of my users’ usernames.
Yet I have in the WPf2b Block settings: “Block User Enumeration Stop attackers listing existing usernames.”
Am I doing something stupid elsewhere in WP that allows these user names to be scanned?
The first thing to check is what you’ve got in wp-config.php; you can either paste the bottom part of it here - don’t include the salts or db info! - or DM me with it. It’d also be useful to know what the site is - again, DM if you don’t want that to be public.
Looks a bit empty to me. I thought from the wording of the WPf2b WP settings “block” tab - it says “these settings reflect those values” - that there would be more. Or is that just the defaults since there’s nothing in the wp-config?
//define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
carbonc@webarch7:~$
