prevent user name enumaration/leakage #4
WordPress by default have two easy ways for non authenticated user to discover user names (at least the author ones), by canonical redirect from the "old" url formats, and by querying the user information via the REST API.
In addition WordPress gladly discloses which user names and emails are in use via login and password reset error messages.
The text was updated successfully, but these errors were encountered:
…de admin screen under tools #4