WP_FAIL2BAN_BLOCK_USER_ENUMERATIONΒΆ
New in version 2.1.0.
Changed in version 4.0.0: Now also blocks enumeration via the REST API.
Brute-forcing WP requires knowing a valid username. Unfortunately, WP makes this all but trivial.
Based on a suggestion from @geeklol and a plugin by @ROIBOT, WPf2b can now block user enumeration attempts. Just add the following to wp-config.php
:
define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true);