harryjackson1221
commented
7 years ago I wanted to contribute to this much needed project, so I figured I would add this, and see if its the format you are looking for :-)
Closed harryjackson1221 closed 6 years ago
harryjackson1221
commented
7 years ago I wanted to contribute to this much needed project, so I figured I would add this, and see if its the format you are looking for :-)
getsource
commented
7 years ago Hi! Thanks for your pull request!
Because usernames/IDs are not considered to be a secret by the WordPress project, I think this information does not belong in best practices for WordPress.org hosting.
See here for more details: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue
ataylorme
commented
6 years ago @harryjackson1221 I'm going to close this out but thank you so much for wanting to contribute! If security is your passion we have a lot of topic stubs in the Security Section that need a first pass.
Add info about stopping username enumeration in either .htaccess or functions.php