How to disable author query in WordPress

1
votes

In wordpress, when you hit url like the following:

http://www.example.com/?author=1

If the author ID is valid then they will be redirected to the author URL, for example:

http://www.example.com/author/username

Then the hacker start attacking the username. How could I disable (?auther=xx) query in url?

for example redirect the request to another page like 404 (not found) page

2
phpwordpresssecuritywordpress-theming
Make a 301 redirect to your home page? - dingo_d
Does this help? wordpress.stackexchange.com/questions/182236/… - Hobo
Can you tell a little more about the actual problem. What would a potential hacker do? - Maarten Bicknese
Brute Force Attack or Dictionary Attack - Abdallah Sabri
@Hobo I'm using IIS server - Abdallah Sabri

2 Answers

1
votes

I believe that dingo-d has it right, above, referring to the 301 redirect. I have installed 301 redirects on several Wordpress sites to accomplish this. I redirect [domain]/?author=* with a wildcard to my 404 page. I have watched my activity logs before and after implementing this. The malicious login attempts immediately switch from valid user names to the generic "admin."

0
votes

Add the following filter to your functions.php file;

add_action('template_redirect', 'disableAuthorUrl');

function disableAuthorUrl(){
    if (is_author())) {
       wp_redirect(home_url());
       exit();
    }
}

This will check all incoming requests to see if the page requested is an author page, and if so, redirect to the homepage, or wherever else you choose.