_MK – SECURITY – Block Author Enumeration

// 🔒 Block ?author=1 user enumeration attempts

add_action('init', function () {

    if (!is_admin() && isset($_GET['author'])) {

        wp_redirect(home_url(), 301);

        exit;

    }

});

// 🛡️ Disable REST API user exposure

add_filter('rest_endpoints', function ($endpoints) {

    if (isset($endpoints['/wp/v2/users'])) {

        unset($endpoints['/wp/v2/users']);

    }

    return $endpoints;

});