Checkout

What is wrong with having a listing of user's post in {site name}/author/{user login}? Two things It allows an attacker to easily figure out the user name he should attack It can get ugly if…

The Gravatar service, which powers by default all of the avatars displayed at WordPress comments and admin areas is a service that was designed in a much more naive times, when the implications of bad…

WordPress has a global setting to control whether only registered users can comment, but sometime you need a more granular  control. For example you might want to require login to comment on all posts, but…

This plugin lets you change the hard coded base URL for the the pages displaying the authors posts. Change from {site url}/author/{user slug} to {site url}/{your base}/{user slug}. Why woud you want to use it?…

This plugin prevent the two sources of user enumeration attack, the backward compatibility to old URL formats, and trying to be nice to user by giving a detailed error messages at the login page Not…

Wordpress login page is always located at {site url}/wp-login.php and this makes it very easy to brute force attack the login system. This plugin implements the most obvious solution to this problem and allows the…