WordPress do not consider user names to be private information. It is trivial to get a user name of any one which has authored a post, and it is not very complex to get a list of active user names based on the errors displayed at the login form when using a wrong password.
Regardless of my personal dislike to this policy, in the end most user names can be easily guessed and more targeted attacks can use email adrress, which for many is a public information, to attempt login.
Best advice is probably to put less emphasize on “security” plugins which report many things you either can do nothing about, or are just part of the “the internet is full of evil people” fact, and focus on keeping good user passwords and limit user capabilities as much as possible.
Related Posts:
- Editor can create any new user except administrator
- Confirmation required on email change
- get_current_user_id() returns 0?
- List users by last name in WP_User_Query
- Email user when password is reset by admin
- How to work around “that email address has already been used” error?
- How can I run a WP-CLI command as authenticated user?
- How to redirect a specific user after log-in?
- How to Prevent deleting user accounts in WordPress Back-end?
- Upload gravatar in WP profile?
- How to stop a user from updating the post date
- Recover the user that have been deleted
- determining if the user is logged in
- Adding a photo to each WP user
- WordPress edit_user_profile_update update secondary role
- Check if user is online?
- how to get recent registered author id?
- set_role has no effect
- Is it possible to duplicate users on a new WordPress install?
- How to use search_columns in WP_User_Query?
- Get users only if Gravatar is specified
- WordPress to use Drupal users’ credentials
- Authenticate with a Rails app?
- How do I list in the backend all users that were assigned to a custom role?
- Send Email to Users after Deleting Account
- How to add local users to wordpress without email password?
- WP User Query fails when searching meta queries and search columns
- Suddenly all emails in User have [email protected]
- *wpupdateuser* user_login in my WordPress database
- Updating user meta
- Changing a username
- Are User Levels Still Currently Used?
- How to add a user profile page to frontend?
- Delete users from multisite after they have not logged in for a set amount of time?
- Where is the information about the authors for articles stored?
- Restrict access of admin uploads to certain logged-in users?
- Find user by nicename and open profile
- Using Cloudflare caching on wordpress with front-end user logins
- Redirect user after successful email change
- get_user_meta an ID for multiple functions
- Reset Password policy
- Which function is called after update any field of user from any where of the site
- Register user when after filling contact form
- Is possible to allow user to login with different role?
- Custom Comment Notifications Fire on each Page Load
- The Simple and Correct Way to Add User Meta
- Export Users and their Advanced Custom Fields
- Hide hour from displaying when using user_registered
- Allow unfiltered HTML for not logged in users when saving a post
- How to copy user_nicename value into user_login
- How to check User Role and redirect to specific page according to Role when login in WordPress?
- Create a “user log”
- How can I do a url redirect to include a wordpress username?
- WP_User_Query combining role and ids
- WordPress current month users
- Allow Users to Modify Some Values of Assigned WordPress Pods [closed]
- Can I Create a Second Admin Level User Role?
- Custom registration and pending approval
- Let logged-in users use radio buttons (yes and no) to exclude their author profile from the user listing
- Make new users automatically approved
- Adding fields to the “Add New User” but the form data not saved into DB
- Admin approval for editing user profile
- Using a custom field value as current users name [closed]
- What does “link” refer to when you delete a user?
- WP Create User – Preventing repeated information
- Editor role can only create/edit/delete users who have one of two roles
- Can’t add user- wrong message “this user name is invalid because it uses illegal characters”
- set automatically email address for WordPress users
- WordPress 5.8 – Hide or Remove personal fields from admin Profile page
- hide user is currently editing warning in admin post page
- Restricting wordpress login sessions for a web app
- change user password REST API
- Use WP cookie to authentificate user on an external app
- Find count of WordPress users by role and search string for user name
- Append USER ID to an outbound link?
- How do I add profile fields in specific section?
- fine-grained capabilities for user related capabilities
- Users activity history
- How to destroy all user sessions via WP-CLI
- Is a list of user names or IDs in a custom profile field the best way to create a followers list?
- Custom User Role: Can Edit Own Page, Cannot Create New
- How to restrict Admin from creating new users from Add new user screen in dashboard to only of one domain?
- Get meta key with value for user
- Redirect current user
- Display Users and user url’s
- custom login form, guide me
- Edit dashboard based on user ID
- is_user_logged_in() not working after domain change
- Get the author registration date in the header.php file
- Front end login and page restriction
- How i will get the images of highest scored users?
- Designing a member area on my site
- i need to let a user to add a role from a frontend form
- Integrating Facebook Registration (and Login) on a WordPress page
- WordPress C# User Login
- Create users from frontend without password
- How to get user contact info
- Why does a super admin on multi site get a rest_user_invalid_id error code when requesting user details through REST?
- get Discussion setting in wordpress
- Set a minimal number for next user_id