Jethost’s Help Center


How to Stop User Enumeration in WordPress

By default, WordPress reveals usernames through author archives and URL queries. This makes it easier for attackers to find valid login names. With the JetHost Total Care stop user enumeration feature, you can block these scans and protect your site from targeted brute-force attacks.

Why You Should Block User Enumeration

Usernames are the first piece of data hackers need when trying to break into your WordPress site. Once they identify a valid username, they can focus on guessing the password. User enumeration gives them that first step far too easily.

Blocking it helps you:

  • Prevent attackers from finding valid usernames
  • Stop automated scripts that scan author IDs
  • Reduce the success rate of login brute-force attacks

This small change makes a big difference in WordPress login security.

What Is User Enumeration in WordPress?

User enumeration happens when someone adds ?author=1, ?author=2, etc. to your URL to reveal public author pages. If not blocked, WordPress will redirect or display the username in the URL or page source.

For example:

Visiting https://example.com/?author=1 might redirect to https://example.com/author/admin, revealing the username “admin” even if it’s never shown on the site.

How to Stop User Enumeration with JetHost Total Care

To control autosave using JetHost Total Care:

1. Log in to your WordPress dashboard.
2. Open the JetHost Total Care section from the sidebar.
3. In the tab Security, find the setting labeled Stop user enumeration in WordPress.
4. Toggle the switch to enable it.

JetHost Total Care stop user enumeration

JetHost Total Care applies the block immediately.

JetHost Total Care Security setting updated

What Happens After You Enable It

Once this setting is active, WordPress will stop responding to author-based queries in the URL. Requests like ?author=1 will be blocked or redirected without revealing usernames.

The result: bots and attackers will hit a dead end instead of collecting login names.

JetHost Experts Tip

Use this setting along with login protection and strong passwords. Stopping user enumeration removes one of the easiest tools attackers use when planning brute-force attacks.

Need More Help?

The JetHost Total Care stop user enumeration feature is a simple and effective way to shut down username discovery. Combined with other login security settings, it strengthens the first line of defense on your WordPress site. Take a look at more WordPress security guides to stay ahead of common issues.

Back to help