
Improving your WordPress website security is always a good route to take. One of the easiest ways to tighten things up for your website is to block user ID phishing requests on your WordPress website.

Phishing is a type of cyber attack in which an attacker attempts to trick users into revealing sensitive information, such as login credentials.

Block User ID Phishing Benefits

  • Improve website security: By blocking user ID phishing on your WordPress website, you can prevent any phishing attacks which may reveal your admins or any other accounts on your website.
  • Site reputation: If your site is known for being vulnerable to phishing attacks, it can damage your reputation and make users hesitant to visit or use your site.
  • Protecting user data: User ID phishing attacks are designed to steal user credentials, such as usernames. By blocking these attacks, you can prevent unauthorized access to user data and protect your users’ privacy.

How to Check my Website?

Simply open a new tab in any browser of your choice, type yourdomain.com/?author=1 and hit Enter.

Surprised? Yes, that is the first user on your WordPress website. To find other usernames, change the number 1 to 2, 3, or 4.

To block user ID phishing on your WordPress website, follow these simple steps:

The Steps:

  • Access your website’s File Manager or use an FTP client to connect to your website’s server. In our case, it is cPanel.
  • Go to your public_html or any directory which holds your WordPress installation.
  • Locate the .htaccess file in the root directory of your website.

Note: if you cannot see .htaccess, simply click on Settings on the right-hand side, click on “Show Hidden Files (dotfiles)”, and click Save.

  • Open the .htaccess file by right-clicking on the file, then click on Edit.
  • Add the following code to the file:
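# Block User ID Phishing Requests
<IfModule mod_rewrite.c>
	# Make sure rewriting is enabled (harmless if WordPress already turned it on)
	RewriteEngine On
	# Leave wp-admin alone: its post lists filter by author=
	RewriteCond %{REQUEST_URI} !/wp-admin/ [NC]
	# Match author=<number> anywhere in the query string, not only as the first parameter
	RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+ [NC]
	RewriteRule .* http://example.com/? [L,R=302]
</IfModule>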
  • Change http://example.com/? to https://yourdomain.com/?
  • Save the .htaccess file.

To verify, go back to your browser and open a new tab. Type yourdomain.com/?author=1 and hit Enter.

Now, you should be redirected to your home page. If not, please go over the steps again to make sure everything is the way it should be.
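To see from the server side whether anyone has been cycling through ?author=N on your site, and whether the rule answered them, the following added example (not part of the original article) scans Apache access log lines. It assumes the common/combined log format and the R=302 redirect used above; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log line: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def author_probes(lines):
    """Map client IP -> {author_id: last HTTP status} for front-end ?author=N requests."""
    hits = defaultdict(dict)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, target, status = m.group(1), urlsplit(m.group(2)), int(m.group(3))
        if "/wp-admin/" in target.path:  # admin post lists filter by author= legitimately
            continue
        for value in parse_qs(target.query).get("author", []):
            if value.isdigit():
                hits[ip][int(value)] = status
    return hits

def flag_enumeration(lines, min_ids=3, blocked_status=302):
    """Report IPs that asked for at least min_ids distinct author IDs.

    'unblocked' lists the IDs not answered with blocked_status, i.e. requests
    that the rewrite rule (R=302 in the article) did not catch."""
    report = {}
    for ip, ids in author_probes(lines).items():
        if len(ids) >= min_ids:
            unblocked = sorted(i for i, s in ids.items() if s != blocked_status)
            report[ip] = {"ids": sorted(ids), "unblocked": unblocked}
    return report

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:05:00 +0000] "GET /?author=3 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:05:01 +0000] "GET /?s=test&author=4 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Jan/2024:10:06:00 +0000] "GET /wp-admin/edit.php?post_type=post&author=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jan/2024:10:06:30 +0000] "GET /?author=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in flag_enumeration(SAMPLE).items():
        print(ip, info)
```

An empty "unblocked" list for a flagged IP means every probe it sent was redirected by the rule; any ID listed there was requested before the rule was in place or slipped past it.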

You may also want to block directory listing on your WordPress website. If you have not done it already, visit this ARTICLE to do it.
