54 lines
1.3 KiB
PHP
54 lines
1.3 KiB
PHP
<?php
|
|
defined('ABSPATH') or die();
|
|
/**
|
|
* Prevent User Enumeration
|
|
* @return void
|
|
*/
|
|
function rsssl_check_user_enumeration() {
|
|
if ( ! is_user_logged_in() && isset( $_REQUEST['author'] ) ) {
|
|
if ( preg_match( '/\\d/', $_REQUEST['author'] ) > 0 ) {
|
|
wp_die( sprintf(__( 'forbidden - number in author name not allowed = %s', 'really-simple-ssl' ), esc_html( $_REQUEST['author'] ) ) );
|
|
}
|
|
}
|
|
}
|
|
add_action('init', 'rsssl_check_user_enumeration');
|
|
|
|
/**
|
|
* @return bool
|
|
* Remove author from Yoast sitemap
|
|
*/
|
|
function rsssl_remove_author_from_yoast_sitemap( $users ) {
|
|
return false;
|
|
}
|
|
add_filter('wpseo_sitemap_exclude_author', 'rsssl_remove_author_from_yoast_sitemap', 10, 1 );
|
|
|
|
/**
|
|
* Prevent WP JSON API User Enumeration
|
|
* Do not disable in when logged in, preventing issues in the Gutenberg Editor
|
|
*/
|
|
|
|
if ( !is_user_logged_in() || !current_user_can('edit_posts') ) {
|
|
add_filter( 'rest_endpoints', function ( $endpoints ) {
|
|
if ( isset( $endpoints['/wp/v2/users'] ) ) {
|
|
unset( $endpoints['/wp/v2/users'] );
|
|
}
|
|
if ( isset( $endpoints['/wp/v2/users/(?P[\d]+)'] ) ) {
|
|
unset( $endpoints['/wp/v2/users/(?P[\d]+)'] );
|
|
}
|
|
return $endpoints;
|
|
} );
|
|
}
|
|
|
|
//prevent xml site map user enumeration
|
|
add_filter(
|
|
'wp_sitemaps_add_provider',
|
|
function( $provider, $name ) {
|
|
if ( 'users' === $name ) {
|
|
return false;
|
|
}
|
|
|
|
return $provider;
|
|
},
|
|
10,
|
|
2
|
|
); |