Disable the REST API user endpoints due to obscure user slugs.
With WordPress 4.7 the REST API is part of the core. At the moment everyone has read access to the REST API. As a result of that a potential intruder can retrieve a list of all user slugs via /wp-json/wp/v2/users
. This plugin disables the REST API user endpoints to obscure the user slugs.
Contributions are more than welcome. Simply head over to Github and open an issue or a pull request.
smntcs-disable-rest-api-user-endpoints
to the /wp-content/plugins/
directory.Plugins
menu in WordPress.