I'm a big fan of plugins that do exactly what they sound like they'll do. Stop Emails…
Security is a paramount issue for any website that is active on the web today. With the forming of new laws in the last few months, we are absolutely bombarded with personal information agreements on basically every page we visit. Although the new laws are concentrated primarily on the websites themselves from using your information, you have to take into account security issues concerning outside attempts to hack your site. User enumeration is something that you won’t have to worry about with this plugin.
What is user enumeration?
User enumeration is a situation when an outside source tries to gather information on valid users in a system. Websites are particularly vulnerable to this, but it can be a problem in any system that features dedicated users. It does this by running a script that scans the page for user data by requesting numerical user IDs and looking for differences in the system responses that vary based on submitted credentials.
Doing this it can calculate the username and password, most commonly with a trial and error approach, first getting the username and the password. That’s why you have to be careful and should never use one of these bad passwords. After the scan, the list of login names can be obtained easily by anybody doing the intrusion.
What does this plugin do?
The Stop user enumeration is a free plugin, developed by Fullworks and, as its name suggests, puts a stop to all this so you don’t have to worry about user login safety. The plugin not only protects from such intrusions but also logs IPs that attempted them for extra protection in the future. It works on its own but is more effective when paired up with fail2ban or Fullworks Firewall for increased security.
You can alter the settings to reflect any additional software you are using, as well as configure the plugin based on the different functions your site needs and/or provides. A good example of this is the option to implement the protocol in your comments section – which of course isn’t needed if you don’t have one. Generally, all the different options are well explained and pretty straightforward.
Costs, Caveats, Etc.
Now granted, everything we’ve mentioned can also be done manually, in code, and there are actually a surprising number of tutorials on doing just that, but for everybody who don’t have the required knowledge or time this has proved to be a more than very good alternative – a fact which over 30,000 active installations can attest to. Also worth noting are the regular updates which keep the plugin effective against any new threats.
If you want to protect your site even further, we suggest checking the Security Ninja plugin for WordPress.