WordPress OSINT, maintenance or security needs? Reach out!
TLDWP

👤 User Enumeration Exposed

WordPress sites that publicly leak usernames via the REST API or author archives, making brute-force attacks easier.

👤 33,859 sites leaking usernames
⚠️ Security Risk: User enumeration lets attackers discover valid WordPress usernames through the REST API endpoint (/wp-json/wp/v2/users) or the author archive redirect (/?author=1). Knowing a valid username is the first half of a brute-force attack. It can be mitigated with a security plugin or by blocking these endpoints.
Domain WP Version Theme Headers Other Issues Last Scanned
d*m*w*r*.w*y*e*i*s*r*i*e.com 🔒 Unknown astra F Jun 6, 2026
s*h*l*z*o*n*a*i*n.org 🔒 7.0 bricks F Jun 6, 2026
t*e*t*r*.ae 🔒 7.0 kava F Jun 6, 2026
m*m*r*s*o*e*.us 🔒 7.0 woodmart-child F Jun 6, 2026
a*e*c*a.j*r*c*.pl 🔒 7.0 jarock F Jun 6, 2026
d*r*a*i*e*p*t*i*e*s.w*l*o*e*r*v*l.gr 🔒 Unknown Divi F Jun 6, 2026
d*l*a*9*g*m*i*s*b*l*-*u*c*a*e.m*n*m*t*i*.net 🔒 7.0 pressbook F Jun 6, 2026
c*v*d*a*i*n*e*.be 🔒 Unknown varia F Jun 6, 2026
r*n*a*l*r*i*.be 🔒 Unknown Divi F Jun 6, 2026
c*a*h*i*r*e.com 🔒 5.4.19 twentyseventeen F Jun 6, 2026
s*p*o*t.s*a*i*h*i*.com 🔒 7.0 twentytwentyfive F Jun 6, 2026
u*p.j*t.t*m*o*a*y.site 🔒 7.0 yith-wonder F Jun 6, 2026
s*n*a*i*n*l*i*n*.net 🔒 5.3.21 rife-free F Jun 6, 2026
b*b*l*n.no 🔒 7.0 hello-elementor F Jun 6, 2026
e*c*n.c*.jp 🔒 Unknown liquid-corporate F Jun 6, 2026
r*a*-*u*o*t*a*s*o*t*r.de 🔒 7.0 hello-elementor F Jun 6, 2026
d*p*t*o*o*i*.de 🔒 7.0 hello-elementor F Jun 6, 2026
m*t*i*b*g*b*i*z*.de 🔒 7.0 hello-elementor F Jun 6, 2026
b*n*c*i.net 🔒 7.0 first F Jun 6, 2026
f*q*b*l*e*t*r*e.fr 🔒 4.5.33 knowall F Jun 6, 2026
a*n*e*u*o*m*i*f*a*c*.com 🔒 6.9.4 dt-the7 F Jun 6, 2026
f*n*a*j*.l*w*a*a*.pl 🔒 5.7 lewiatan F Jun 6, 2026
v*o*k*s*t.pl 🔒 7.0 intentionally-blank F Jun 6, 2026
v*n*r*s*v*i*u*e*e*4*1*.k*c*n.com 🔒 6.8.5 kallyas F Jun 6, 2026
v*n*r*s*v*i*u*e*u*a*4*1*.k*c*n.com 🔒 6.7.5 kallyas F Jun 6, 2026
v*n*r*-*a*v*i*u*e*l*u*a*n*.b*c*n.net 🔒 6.9.4 kallyas F Jun 6, 2026
b*o*.c*u*s*.com 🔒 Unknown enroute F Jun 6, 2026
m*t*c*4*.com 🔒 Unknown onepress D Jun 6, 2026
m*t*a*s*a*s.com 🔒 7.0 twentynineteen F Jun 6, 2026
m*t*x*d.com 🔒 6.9.4 soledad F Jun 6, 2026
m*t*s*y*o*l*.com 🔒 7.0 nancy F Jun 6, 2026
m*t*p*a*.com 🔒 7.0 Avada F Jun 6, 2026
m*t*m*a*t*u*r*a*h.com 🔒 7.0 Avada C Jun 6, 2026
m*t*l*n*e*k*d*.com 🔒 7.0 twentytwentyfour F Jun 6, 2026
c*n*u*s*s.a*u*i.o*g.br 🔒 7.0 osmosis F Jun 6, 2026
t*i*a*r*u*.com 🔒 6.9.4 glypt F Jun 6, 2026
t*i*p*n*h*r*.com 🔒 Unknown specular A Jun 6, 2026
t*i*l*c.com 🔒 5.7.15 astra F Jun 6, 2026
t*i*l*.com 🔒 6.9 colibri-wp F Jun 6, 2026
t*i*i*.com 🔒 7.0 hello-elementor D Jun 6, 2026
t*i*g*c*e*t*o*s.com 🔒 7.0 vw-photography-pro F Jun 6, 2026
t*i*d*n*t*d*o.com 🔒 Unknown Divi F Jun 6, 2026
t*i*a*i*r*n*i*g.com 🔒 Unknown gallery_tcd012 F Jun 6, 2026
t*i*y*e*e*a*.com 🔒 7.0 publisher F Jun 6, 2026
t*i*v*n*r*d*c*s.com 🔒 Unknown landscape F Jun 6, 2026
t*i*v*s*n*t*y*e.com 🔒 7.0 stairway F Jun 6, 2026
t*i*v*r*c*r*o*a*i*n.com 🔒 6.4.3 rigel F Jun 6, 2026
t*i*u*r*s*a*t*o*e.com 🔒 6.9.4 flatsome F Jun 6, 2026
t*i*u*e*.com 🔒 Unknown Divi F Jun 6, 2026
t*i*u*a*v*n*x*a*.com 🔒 6.2.9 flatsome F Jun 6, 2026
Copyright 2026, tldwp.com. All rights reserved. WordPress OSINT or security needs? Reach out!