Merge pull request #87 from davidegiunchidiennea/master

stop-users-enumeration: added enumeration block via REST API (wp >= 4.7)
Arsenal21 · Aug 30, 2017 · 9c68ce1 · 9c68ce1
2 parents 98ae25a + 0f9ed5c
commit 9c68ce1
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php b/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php
@@ -9,3 +9,9 @@
         wp_die('Accessing author info via link is forbidden');
     }
 }
+
+if(( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) || ( isset($_REQUEST['rest_route']) && ( preg_match('/users/', $_REQUEST['rest_route']) !== 0 ))){
+     if( ! is_user_logged_in() ) {
+        wp_die('Accessing author info via REST API is forbidden');      
+     }
+}