When a visitor enters your-site.com/?author=1 into their address bar, they’re directed to the author’s page that has a user ID of one. The author’s page includes the actual username associated with the user ID.
The visitor would easily be able to get all the usernames of all the users of your site if they have any posts associated with their account. This process is called username enumeration.
If a hacker is able to easily get a hold of your username, it’s one less thing they need to guess. In fact, the only other detail they need to guess is your password.
Knowing the username associated with an account isn’t going to add much value for a hacker if the user uses a strong password. It can still be beneficial to prevent username enumeration, since the more obstacles you can make for a hacker, the less likely it is that they can actually infiltrate your site.
You can prevent username enumeration by adding the following to your .htaccess file:
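# Redirect any request whose query string contains author=<digit> to the home page.
# The trailing "?" in the target drops the original query string.
RewriteEngine On
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]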
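To see whether anyone is walking through author IDs on your site, you can look for the ?author=N pattern in your access log. The script below is an added example, not part of the original post: it assumes Apache's combined log format, runs on constructed sample lines, and uses a threshold of three distinct IDs per client, which is an assumption you should tune.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 - "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 - "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 301 - "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 - "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:06:00 +0000] "GET /blog/?coauthor=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Captures the client IP and the requested URL from one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')


def author_ids(url):
    """Return the numeric author IDs requested in a URL's query string."""
    query = parse_qs(urlsplit(url).query)
    # Only the exact parameter name "author" counts; "coauthor" does not.
    return {value for value in query.get("author", []) if value.isdigit()}


def find_enumerators(log_text, threshold=3):
    """Map client IP -> sorted author IDs for clients that requested
    at least `threshold` distinct IDs (threshold is an assumed default)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            seen[match.group(1)] |= author_ids(match.group(2))
    return {
        ip: sorted(ids, key=int)
        for ip, ids in seen.items()
        if len(ids) >= threshold
    }


if __name__ == "__main__":
    for ip, ids in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip} requested author IDs {ids}")
```

A single request for one author ID is usually a normal visitor following a link, which is why the script counts distinct IDs per client instead of flagging every hit.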
