While troubleshooting a problem, I noticed in a client’s error logs (running on wpengine) that someone or many someones had generated a warning ‘preventing possible attempt to enumerate users’.

The WPEngine security system had stopped this.

While chatting with support about an unrelated issue, they described that this happens when someone is probing a site trying to learn the usernames associated with that site.

To login to a site a username and password is needed. So if they figure out the username they have half (easy half) of the combination figured out.

WPEngine suggests a free wordpress repository plugin to help with this called Stop Enumeration.

Plus, I took the extra step of copy/pasting the IP addresses from these probes from the error logs and into a Firewall block rule in Cloudflare. (I protect all client sites with Cloudflare, especially those running on WPEngine as this decreases the number of calls to the server when Cloudflare blocks something. I have recommended Cloudflare for a long time.)


Stop User Enumeration

Pin It on Pinterest

Share This