Title: WP Author Security
Author: mgm security partners GmbH
Published: اگست 13, 2020
Last modified: اپریل 12, 2023
---
پلگ انز تلاش کریں
یہ پلگ ان **ورڈپریس کے تازہ ترین 3 ریلیزوں کے ساتھ ٹیسٹ نہیں کیا گیا ہے**۔ اب یہ
برقرار نہیں رکھا جا سکتا یا معاونت نہیں کی جا سکتی اور اس کو ورڈپریس کے تازہ ترین
ورژنز کے ساتھ استعمال کیے جانے پر مطابقت کے مسائل ہو سکتے ہیں۔
# WP Author Security
منجانب [mgm security partners GmbH](https://profiles.wordpress.org/mgmsp/)
[ڈاؤن لوڈ کریں](https://downloads.wordpress.org/plugin/wp-author-security.1.5.0.zip)
* [تفصیلات](https://ur.wordpress.org/plugins/wp-author-security/#description)
* [جائزے](https://ur.wordpress.org/plugins/wp-author-security/#reviews)
* [انسٹالیشن](https://ur.wordpress.org/plugins/wp-author-security/#installation)
* [ڈیولپمنٹ](https://ur.wordpress.org/plugins/wp-author-security/#developers)
[معاونت](https://wordpress.org/support/plugin/wp-author-security/)
## تفصیل
WP Author Security is a lightweight but powerful plugin to protect against user
enumeration attacks on author pages and other places where valid user names can
be obtained.
By default, WordPress will display some sensitive information on author pages.
The author page is typically called by requesting the URI `https://yourdomain.tld/?
author=` or with permalinks `https://yourdomain.tld/author/`. The
page will include (depending on your theme) the full name (first and last name)
as well as the username of the author which is used to log in to WordPress.
In some cases, it is not wanted to expose this information to the public. An attacker
is able to brute force valid IDs or valid usernames. This information might be used
for further attacks like social engineering attacks or log in brute force attacks
with gathered usernames.
_However, when using the plugin and you disable author
pages completely it must be noted that you need to take care that your active theme
will not display the author name itself on posts like "Posted by admin” or something
like that. This is something the plugin will not handle (at the moment)._
By using the extension, you are able to disable the author pages either completely
or display them only when the author has at least one published post. When the page
is disabled the default 404 error page of the active theme is displayed.
In addition, the plugin will also protect other locations which are commonly used
by attackers to gather valid user names. These are:
* The REST API for users which will list all users with published posts by default.
https://yourdomain.tld/wp-json/wp/v2/users
* The log in page where different error messages will indicate whether an entered
user name or mail address exists or not. The plugin will display a neutral error
message independently whether the user exists or not.
* The password forgotten function will also allow an attacker to check for the
existence of a user. As for the log in page the plugin will display a neutral
message even when the user does not exists.
* Requesting the feed endpoint /feed of your blog will also allow others to see
the username or display name of the author. The plugin will remove the name from
the result list.
* WordPress supports so-called oEmbeds. This is a technique to embed a reference
to a post into another post. However, this reference will also contain the author
name and a direct link to the profile page. The plugin will also remove the name
and link here.
* Since WordPress 5.5 a default sitemap can be reached via /wp-sitemap.xml. This
sitemap will disclose the usernames of all authors. If this should not be disclosed
you are able to disable this feature of WordPress.
## اسکرین شاٹس
* [[
* Admin settings
* [[
* 404 page when requesting author page by user ID.
* [[
* Log in error message when the user name exists but a wrong password is entered.
## انسٹالیشن
1. Install the plugin via the Dashboard `Plugins -> Add new` or upload the plugin’s
folder ‘wp-author-security’ from the zip into your WordPress plugin folder `wp-
content/plugins/` (e.g. via ftp)
2. Activate the plugin in the WordPress backend
3. Customize the settings by navigating to `Settings -> WP Author Security`
## جائزے
### [Works on my WP v6.4.3](https://wordpress.org/support/topic/works-on-my-wp-v6-4-3/)
[andrebell82](https://profiles.wordpress.org/andrebell82/) مارچ 6, 2024
So annoying to constantly change my username or modify themes to stop script kiddies
and hackers from finding my usernames simply from looking at a theme’s page source
or running a basic script. This removed my username from the view source page. My
site is functioning without errors despite this plugin not yet tested with my version
of WP. No clue if there are other areas my username might be displayed that this
plugin is missing. Hoping not. I first tried WP Ghost over and over but could not
get past its sandboxed logon test. So this is the next best way of hiding my non-
admin public facing author username (I never post with admin user). Anyhow thanks
for this plugin.
### [Just please don’t forget to update](https://wordpress.org/support/topic/just-please-dont-forget-to-update/)
[shahinsafari](https://profiles.wordpress.org/shahinsafari/) اکتوبر 3, 2023
Very very good , thank youI searched a lot until I found this plugin.Friends, other
plugins will lose SEO by changing the url, but this plugin is not like thatJust
the publisher, don’t forget to update so that we don’t have a problem and don’t
need another plugin
[ تمام 2 جائزے پڑھیں ](https://wordpress.org/support/plugin/wp-author-security/reviews/)
## شراکت دار اور ڈیویلپرز
“WP Author Security” اوپن سورس سافٹ ویئر ہے۔ مندرجہ ذیل لوگوں نے اس پلگ ان میں حصہ
لیا:
شراکت دار
* [ mgm security partners GmbH ](https://profiles.wordpress.org/mgmsp/)
“WP Author Security” کا 4 زبانوں میں ترجمہ کیا گیا ہے۔ تعاون کے لیے [مترجمین](https://translate.wordpress.org/projects/wp-plugins/wp-author-security/contributors)
کا شکریہ۔
[“WP Author Security” کا اپنی زبان میں ترجمہ کریں۔](https://translate.wordpress.org/projects/wp-plugins/wp-author-security)
### ڈویلپمینٹ میں دلچسپی ہے؟
[کوڈ براؤز کریں](https://plugins.trac.wordpress.org/browser/wp-author-security/)،
[ایس این وی ریپوزیٹری](https://plugins.svn.wordpress.org/wp-author-security/) کو
چیک کریں یا [ڈویلپمینٹ لاگ](https://plugins.trac.wordpress.org/log/wp-author-security/)
کو سبسکرائب کریں بذریعہ [آر ایس ایس](https://plugins.trac.wordpress.org/log/wp-author-security/?limit=100&mode=stop_on_copy&format=rss)۔
## چینج لاگ
#### 1.5.0
* added basic statistics to the settings page
* bugfix password forgotten protection
#### 1.4.1
* Bugfix error on login check
#### 1.4.0
* added protection for the wp-sitemap.xml author disclosure
#### 1.3.0
* added protection for the /feed endpoint
* added protection for the oEmbed endpoint
#### 1.2.1
* updated documentation
* bugfix wrong mail detection
#### 1.2.0
* added protection for log in and password forgotten page
* added language support for de/en
#### 1.1.0
* added protection for REST API
#### 1.0.0
* initial release
## میٹا
* Version **1.5.0**
* Last updated **3 سال پہلے**
* Active installations **500+**
* WordPress version ** 4.7 یا اس سے جدید **
* Tested up to **6.2.9**
* PHP version ** 7.4 یا اس سے جدید **
* Languages
* [English (US)](https://wordpress.org/plugins/wp-author-security/)، [German](https://de.wordpress.org/plugins/wp-author-security/)،
[Spanish (Mexico)](https://es-mx.wordpress.org/plugins/wp-author-security/)،
[Spanish (Spain)](https://es.wordpress.org/plugins/wp-author-security/)، اور
[Spanish (Venezuela)](https://ve.wordpress.org/plugins/wp-author-security/).
* [اپنی زبان میں ترجمہ کریں](https://translate.wordpress.org/projects/wp-plugins/wp-author-security)
* Tags
* [author](https://ur.wordpress.org/plugins/tags/author/)[privacy](https://ur.wordpress.org/plugins/tags/privacy/)
[security](https://ur.wordpress.org/plugins/tags/security/)[user enumeration](https://ur.wordpress.org/plugins/tags/user-enumeration/)
[wpscan](https://ur.wordpress.org/plugins/tags/wpscan/)
* [اعلی درجے کا منظر](https://ur.wordpress.org/plugins/wp-author-security/advanced/)
## درجہ بندیاں
5 out of 5 stars.
* [ 2 5-star reviews ](https://wordpress.org/support/plugin/wp-author-security/reviews/?filter=5)
* [ 0 4-star reviews ](https://wordpress.org/support/plugin/wp-author-security/reviews/?filter=4)
* [ 0 3-star reviews ](https://wordpress.org/support/plugin/wp-author-security/reviews/?filter=3)
* [ 0 2-star reviews ](https://wordpress.org/support/plugin/wp-author-security/reviews/?filter=2)
* [ 0 1-star reviews ](https://wordpress.org/support/plugin/wp-author-security/reviews/?filter=1)
[Your review](https://wordpress.org/support/plugin/wp-author-security/reviews/#new-post)
[See all reviews](https://wordpress.org/support/plugin/wp-author-security/reviews/)
## شراکت دار
* [ mgm security partners GmbH ](https://profiles.wordpress.org/mgmsp/)
## معاونت
کچھ کہنا ہے؟ مدد چاہیے؟
[معاونتی فورم دیکھیں](https://wordpress.org/support/plugin/wp-author-security/)