Awaiting product image

Stop user enumerations for PCI scanner compliance

Secures user enumerations for PCI scanner compliance. Must be set to run on both front-end and back-end (run everywhere setting).

Category: Tags: , 
add_action( 'plugins_loaded', function() {

	if( ! is_user_logged_in() && isset( $_REQUEST['author'] ) ) {

		if( preg_match( '/\\d/', $_REQUEST['author'] ) > 0 ) {

			wp_die(
				esc_html__( 'forbidden - number in author name not allowed = ', 'stop-user-enumeration' )
				. esc_html( $_REQUEST['author'] )
			);

		}

	}

} );

add_action( 'rest_authentication_errors', function( $access ) {

	if(
		preg_match( '/users/', $_SERVER['REQUEST_URI'] ) !== 0
		|| isset( $_REQUEST['rest_route'] ) && preg_match( '/users/', $_REQUEST['rest_route'] ) !== 0
	) {

		if( ! is_user_logged_in() ) {

			return new WP_Error(
				'rest_cannot_access',
				esc_html__( 'Only authenticated users can access the User endpoint REST API.', 'stop-user-enumeration' ),
				array( 'status' => rest_authorization_required_code() )
			);

		}

	}

	return $access;

} );

PHP Code Snippets

  1. Log into a staging, development, or locally hosted clone of your site.
  2. Install and activate the Code Snippets plugin.
  3. Navigate to WP Admin > Snippets > Add New.
  4. Copy and paste the code from the Description tab above.
  5. Check to ensure formatting came over properly and no syntax errors show up in the editor.
  6. Customize the code as desired.
  7. Add a meaningful title and description.
  8. Select whether to run on front-end or back-end (or both). Some snippets require both.
  9. Click the “Save and Activate” button.
  10. Test your site to ensure it works as expected.
  11. Disable if any problems, or recover as necessary.
  12. Repeat steps two onward on your live environment.

HTML Reusable Blocks

Blocks may be imported into the Code Editor view of the WordPress Block Editor (three dots in the upper-right, select code editor). This is best used as a Reusable Block, which you can dynamically add into any page or post. In order to import as a Reusable Block navigate to your site with the following URI: /wp-admin/edit.php?post_type=wp_block or see my code snippet Add reusable blocks link to the Appearance menu.

  1. Describe the issue and what you’ve observed.
  2. Describe your expected outcome(s).
  3. List steps to reproduce the issue.
  4. Optionally provide screen-shot or video URLs.
Contact us

We code all of our code snippets directly. Our clients provide most of the ideas and demand for the functionality provided by our code snippets.

There are several sources one can find on Google for code that has inspired or contributed to this open-source library. Here’s some main ones:

All code snippets are licensed GPLv2 (or later) matching WordPress licensing.

Disclaimer of warranty:

Except when otherwise stated in writing the copyright holders and/or other parties provide the program as-is without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

Related products