I have enabled the toggle to “Stop user enumeration” in the Hardening section.
However, running a curl command to the “/wp-json/wp/v2/users” endpoint shows user data.
Am I missing the functionality this is supposed to prevent? It was my understanding this endpoint (when stop user enumeration is enabled) should return 403.
Please advise. Thank you.
EDIT: A whitelisted IP bypassed the user enumeration, as it should. This is working as expected. Topic closed.
To test WP Cerber’s security features, please make sure you follow these conditions:
Use an incognito window in your browser or test from a different device.
Ensure the IP address of the testing device is not in the White Access List. You can check this on the Access Lists page.
Note: When you activate WP Cerber, it automatically adds your current IP address to the White Access List. This behavior can be disabled in the settings.