Disable Feeds And Hide Usernames
禁用供稿并隐藏用户名
removes the rss feeds like below.
删除如下所示的rss feed。
For a simple CMS site it is not required.
对于简单的CMS网站,则不需要。
* http://example.com/feed/
* http://example.com/feed/
* http://example.com/feedss/
* http://example.com/feedss/
* http://example.com/feedss2/
* http://example.com/feedss2/
* http://example.com/feeddf/
* http://example.com/feeddf/
* http://example.com/feed/atom/
* http://example.com/feed/atom/
Why Hide WordPress Usernames
为什么隐藏WordPress用户名
WordPress usernames can easily be guessed.
WordPress用户名很容易猜到。
If guessed it makes the attackers’ life easier especially in case of a targeted WordPress hack attack.
如果猜中了,这将使攻击者的生活更加轻松,尤其是在有针对性的WordPress hack攻击的情况下。
Attackers can use a tool such as WPScan to guess your WordPress username or simply by entering a URL such as the following:
攻击者可以使用WPScan这样的工具来猜测您的WordPress用户名,或者只需输入以下URL:
http://www.example.com/?author=1
http://www.example.com/?author=1
If the author ID is valid then they will be redirected to the author URL, for example:
如果作者ID有效,那么他们将被重定向到作者URL,例如:
http://www.example.com/author/admin
http://www.example.com/author/admin
The above is possible even when you change the WordPress user IDs.
即使您更改WordPress用户ID,也可以执行上述操作。
For example if you changed the user ID to 1000, then by requesting the URL http://www.example.com/?author=1000 the attacker can guess the username.
例如,如果您将用户ID更改为1000,则通过请求URL http://www.example.com/?author=1000,攻击者可以猜测用户名。
This means that you would be delaying the guessing attack but not completely eliminating it.
这意味着您将延迟猜测攻击,但不能完全消除它。
WordPress usernames can also be found in the source of rss feeds.
WordPress用户名也可以在rss feed的源中找到。
Disable Feeds And Hide Usernames
禁用供稿并隐藏用户名
hides the usernames to make it harder for the attacker.
隐藏用户名,使攻击者更难。
