You can use the REST API to list users:
/wp-json/wp/v2/users
Add that to the end of your website URL.
Plugins such as Wordfence can prevent anonymous users from accessing this.
You can also disable the REST API if you do not use it.
Related Posts:
- Basic auth WordPress REST API dilemma
- security+best practices: root or www-data on a wordpress content folder?
- Any reason to be concerned by a wave of “zombie” blog signups?
- How to change WordPress user ID?
- Setting WP Admin passwords to expire
- What do spammers gain by signing up as a user?
- How can I secure a WordPress blog using OpenID from a single provider?
- Rule to redirect non logged in User to Custom Registration/login Page in .htaccess file
- Restrict access of admin uploads to certain logged-in users?
- Force user to change their password on the frontend at the first login and password policy
- Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
- Are there mutiple ways to get usernames (as a hacker)
- Reset Password policy
- How do I protect user_activation_key?
- Failed login attempts
- Separate Out Real Users
- WordPress Password security related questions
- Preventing user enumeration: which logic is better?
- Force users to use password with specifications
- throttle/limit a logged in user’s http requests to specific page on a per day basis
- Require confirmation of current user’s email before updating database and before send_email_change_email
- Securely log in a user without a password using a link?
- What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
- WordPress – Security Question at Login from User’s Meta Data
- How to Merge Two Authors Into One?
- Whats the best way to share user data across multiple WordPress websites?
- User-edit role setting distinct from wp_capabilities? [closed]
- Delete all subscribers from wp_users and wp_usermeta a few thousand at a time
- Hide Admin Menu for Specific User ID who has administrator Role
- Problem with Hebrew characters in username
- Allowing an email as the username?
- Get the name of user who updated post
- Display edit link if post author is current user
- What does a security risk in a plugin look like?
- Do not allow users to create new posts and pages
- Send activation email to user after signup [duplicate]
- wp_update_user() does not update user_data
- How to add follow functionality to multi-author wordpress site?
- Search multiple meta keys at once
- Get user input from a form
- Redirecting user after updating profile?
- ACF Upload Image in front-end with custom form
- User fields that can be edited by administrator?
- Admins can’t edit each other’s posts
- Update user_login to change username
- Attach to wp-login.php and xmlrpc.php
- Multiple authors with different “author roles”
- Exclude subscriber users from user list
- How can I check if a user’s email exists in the database
- XMLRPC filtering through htaccess not working
- Getting users by specific capability, not role
- Creating user in Firebase after WordPress user registration
- Exclude admin from user list
- Headers Content-Security-Policy CSP Major Issue
- How to display total number of post done by user, it should display at authors page wordpress [duplicate]
- Can i add password field into my wp registration form?
- User capability for editing their own comments
- Delete User via Frontend
- Allow Contributors to Upload Files
- Limit a number of users returned from sorting users by latest posts function
- Will wordpress tools import do everything I need to copy one site to another
- OAuth 2 and saving the authenticated user
- How to notify specific users when i’m posting/modifying a new post
- Disable directory browsing of uploads folder
- User description only displayed for logged user
- Allow users to create post without logging in?
- How to get the count
- Assign random (and unique) user meta upon registration
- What is correct way to change user’s email?
- Display the line breaks in user bio without using html
- wp_dropdown_users() to include null value
- Adding more fields to the add user page on dashboard
- Selectively Disabling PHP via .htaccess in Root Directory
- Change User Role based on Point System Issue
- Remove users access to dashboard
- Allow users to upload flash videos?
- Need to use WordPress page as authentication for different service
- How can I clone a suscriber profile in wordpress
- Reading additional fields in PMPro
- How to put the ‘assign to new user’ select when you delete a user that has custom post type posts, but no normal posts
- How can I show a button in WordPress but make it unclickable unless logged in?
- How to display extra fields for user
- How to make WordPress ‘editor’ role to list/view/add/edit users only with the role ‘author’?
- get_users – Sort by a different meta_value than search criteria
- How to prevent deleteting specific user?
- How to get the username for a custom link
- To save user info on the same page by form submiting
- Groups roles & capabilities
- Button for users to upgrade their user role + Button to show current user role!
- Restrict Access to the User Profile
- Hash user emails in database?
- How do I Limit the number of pages a non-subscriber can see?
- How to get only 1 role from user
- Retrieve New user’s ID
- Restrict access to certain dashboard pages based on user id
- how to show logged in members username in wordpress content
- User agent stylesheet distorting site [closed]
- MySQL query to list users who never signed in
- Send email to user if their role is changed to Author
- Can’t retrieve user email address with REST API