From 0f9ed5c258b91588ae9b39fad03934835a86fa5c Mon Sep 17 00:00:00 2001
From: Davide Giunchi <davide.giunchi@diennea.com>
Date: Mon, 28 Aug 2017 17:50:55 +0200
Subject: [PATCH] stop-users-enumeration: added enumeration block via REST API
 (wp >= 4.7)

---
 .../other-includes/wp-security-stop-users-enumeration.php   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php b/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php
index df711d4..fcafb7c 100644
--- a/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php
+++ b/all-in-one-wp-security/other-includes/wp-security-stop-users-enumeration.php
@@ -9,3 +9,9 @@
         wp_die('Accessing author info via link is forbidden');
     }
 }
+
+if(( preg_match('/users/', $_SERVER['REQUEST_URI']) !== 0 ) || ( isset($_REQUEST['rest_route']) && ( preg_match('/users/', $_REQUEST['rest_route']) !== 0 ))){
+     if( ! is_user_logged_in() ) {
+        wp_die('Accessing author info via REST API is forbidden');      
+     }
+}