Attack surface associated with www.domain.com/?author=1
This topic has 5 replies, 2 voices, and was last updated 3 years, 10 months ago by AITpro Admin.
Mendy Ouzillou
Participant
My developer just told me that a hacker can more easily hack my site by accessing http://www.domain.com/?author=1
After doing research, I am not sure if that is still correct, but if so, what actions can I take using BPSpro?
Mendy
AITpro Admin
Keymaster
This is called an Author Enumeration probe/recon. You can use this BPS Bonus Custom Code to protect against this: https://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/
Mendy Ouzillou
Participant
I followed instructions, and it did not work. There is a note that says: Note: If you have a WordPress GWIOD (Giving WordPress Its Own Directory) website then you would add this code to both your site root htaccess file and BPS Root Custom Code. GWIOD site types have 3 htaccess files. 1 Site Root htaccess file, 1 WordPress installation folder htaccess file (BPS Root htaccess file) and a BPS wp-admin htaccess file.
Since I do have a WP website, where exactly do I find these files to edit in BPSpro?
AITpro Admin
Keymaster
Go to the WordPress Settings > General page. Are the “WordPress Address (URL)” and “Site Address (URL)” option settings the same or different? If they are different then you have a GWIOD site type. If they are the same you have a standard WP site type. If you have a GWIOD site type then your site root folder is a folder level above your WordPress installation folder.
Mendy Ouzillou
Participant
They were the same. The Root folder BulletProof Mode was activated previously. I activated it again and now it works.
AITpro Admin
Keymaster
Great! Yep, any time you copy new custom htaccess code to BPS Custom Code you need to activate BulletProof Mode again. Custom Code saves your custom code to your database. Activating BulletProof Modes gets your Custom Code from your database and adds it in the htaccess file(s).
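
An added example, not part of the thread and not BPS code: a Python sketch that scans a web server access log for the `?author=N` probes discussed above and splits them by whether the server answered or refused them, which is one way to confirm from logs that a protection rule is active. The log lines are constructed samples, and treating 2xx/3xx as "served" and 4xx/5xx as "refused" is an assumption about how the protection responds.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from a real site).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [10/Mar/2021:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [10/Mar/2021:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "scanner"
198.51.100.4 - - [10/Mar/2021:10:05:00 +0000] "GET /blog/?author=1&x=y HTTP/1.1" 403 199 "-" "bot"
192.0.2.10 - - [10/Mar/2021:10:06:00 +0000] "GET /?s=author=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2021:10:07:00 +0000] "GET /author/example-user/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def author_probe_id(target):
    """Return the numeric author ID if the request target carries ?author=N, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for key, values in query.items():
        if key.lower() == "author" and values[-1].isdecimal():
            return int(values[-1])
    return None

def summarize(log_text):
    """Group author-enumeration probes by client IP and split them by outcome."""
    report = defaultdict(lambda: {"served": [], "refused": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        author_id = author_probe_id(target)
        if author_id is None:
            continue
        # Assumption: 2xx/3xx means WordPress answered the probe (author archive or
        # redirect to it); 4xx/5xx means the request was refused or found nothing.
        outcome = "served" if status < 400 else "refused"
        report[ip][outcome].append(author_id)
    return dict(report)

if __name__ == "__main__":
    for ip, result in summarize(SAMPLE_LOG).items():
        print(ip, result)
```

Probes that still show up under "served" after the custom code was saved would match the situation in the thread, where the code had been saved but BulletProof Mode had not yet been activated again.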



