WordPress
How do I prevent user enumeration on my WordPress site?
WordPress leaks usernames in several ways. In truth there is no way to fully prevent user enumeration, particularly if your website makes use of authors pages. However, you can certainly reduce the attack surface and make user enumeration harder by following the below steps:
- Disable the WordPress REST API if you are not using it,
- Disable WordPress XML-RPC if you are not using it,
- Configure your web server to block requests to /?author=<number>,
- Don’t expose /wp-admin and /wp-login.php directly to the public Internet.
Cloudflare Firewall Rules for Securing WordPress
Wordpress htaccess configuration
as you know that WordPress is one of the most famous CMS in the world but unforunatily it is not secure enough and we have to protect it somehow abd also we need to setup some cache configuration in the htaccess
First thing you need to do is to disable directory listing by adding this line to .htaccess
Options All -Indexes
the other thing you need to do is to setup the objects cache (image/css files/ js files)
this is one of the best code we can use
WordPress important Plugins
When you install WordPress it is very important to install some plugins that can protect your website, here we will list some of them