WordPress – User Disclosure


During the scan, Kayran found the WordPress – User Disclosure vulnerability: the site reveals usernames that should be concealed in order to prevent user disclosure.

An attacker can abuse WordPress – User Disclosure through failed login attempts, which let them enumerate valid usernames for use in further attacks such as phishing or brute-force attempts.

Web applications usually use an authentication mechanism to prevent unauthorized or anonymous users from accessing the application’s protected resources and functionality. Attackers will try to find flaws in the authentication mechanism to get at those protected resources and functionality. Username enumeration is one of the most common attacks performed against authentication mechanisms, and its goal is to identify the valid usernames on the system.
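The enumeration pattern described above (one source trying many different usernames, with the login response telling valid accounts apart from unknown ones) can be picked out of authentication logs. The script below is an added example and not part of Kayran’s page; it assumes a constructed log format in which each failed login records whether the username was unknown or the password was wrong, and it separates enumeration (many distinct usernames from one IP) from plain brute force (one username, many attempts).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical WordPress auth-log format (not any
# real plugin's format): timestamp, outcome, username, source IP.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z FAIL unknown_user=alice ip=203.0.113.7
2024-05-01T10:00:02Z FAIL unknown_user=bob ip=203.0.113.7
2024-05-01T10:00:03Z FAIL bad_password=admin ip=203.0.113.7
2024-05-01T10:00:04Z FAIL unknown_user=carol ip=203.0.113.7
2024-05-01T10:00:05Z FAIL unknown_user=dave ip=203.0.113.7
2024-05-01T10:00:06Z FAIL bad_password=editor ip=203.0.113.7
2024-05-01T10:00:30Z FAIL bad_password=admin ip=198.51.100.9
2024-05-01T10:00:31Z FAIL bad_password=admin ip=198.51.100.9
2024-05-01T10:00:32Z FAIL bad_password=admin ip=198.51.100.9
2024-05-01T10:05:00Z FAIL unknown_user=eve ip=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) FAIL (?P<outcome>unknown_user|bad_password)=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def parse(log_text):
    """Yield (timestamp, ip, username, outcome) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"], m["outcome"]

def detect_enumeration(log_text, window=timedelta(seconds=60), min_users=5):
    """Return {ip: {"tried": [...], "confirmed": [...]}} for every IP that tried
    at least min_users distinct usernames inside `window`. "confirmed" holds the
    usernames that failed on the password, i.e. accounts the responses revealed."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in parse(log_text):
        by_ip[ip].append((ts, user, outcome))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):      # slide the window over time
            in_window = [e for e in events[i:] if e[0] - start <= window]
            tried = sorted({u for _, u, _ in in_window})
            if len(tried) >= min_users:                  # one IP, many usernames
                confirmed = sorted({u for _, u, o in in_window if o == "bad_password"})
                alerts[ip] = {"tried": tried, "confirmed": confirmed}
                break
    return alerts
```

The single-username burst from 198.51.100.9 is not flagged here; it is a brute-force signal and belongs to a separate threshold on attempts per account.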


To prevent this vulnerability from happening:

  • Use policies to enforce strong WordPress passwords.
  • Enable 2FA with a WordPress two-factor authentication plugin.
  • Add HTTP authentication for the WordPress login page.
  • Restrict access to the login page (/wp-admin/) so that only authorized IP addresses can reach it.

Also rename the default admin account to something else to reduce the chance of a successful brute-force attack.


