Username Protection for ClassicPress
The Username Protection plugin removes anonymous access to usernames in ClassicPress to help mitigate brute-force attacks. For visitors who are not logged in, usernames are removed from the REST API, feeds, author pages, and prevented from exposure through other common vectors of discovery.
Frequently Asked Questions
Where are the settings located?
There are no settings; activate the plugin and you’re done.
Does this plugin hide usernames or protect them?
It protects them. For example, in feeds, the username is replaced with the site name before anything is even sent to the browser. For the REST API, the requests are simply blocked. So, where it makes sense, the usernames are replaced with the site name…and in other places where it makes sense, usernames are simply prevented from loading.
- Official release
The Username Protection plugin is released under the General Public License.
- ClassicPress 1.0.0 or later
- PHP 5.6 or later
- Login to your ClassicPress website.
- Navigate to
Dashboard > Plugins > Add New
- Search for
- Find the
Username Protectionplugin in the results
- Click to
- Click to
- See the documentation for next steps
Note: This method will be available when the official ClassicPress plugin directory is ready.
Checksums – Coming Soon
Checksums allow you to verify the integrity of the plugin file.
There are no reported conflicts between the Username Protection plugin and other ClassicPress plugins or themes. If you experience something unexpected, please send an email!
There are no special usage instructions – activate the plugin and you’re done. If you want to test to make sure it’s working, just logout and try to find a username in comments, feeds, the REST API, etc. When you log back in, you’ll find that the usernames are unaffected.