BETA · GateTest is in active polish ahead of public launch. Some flows are rough. Found a bug? hello@gatetest.ai — we're reading every message.
WordPress module

Wp User Enumerate

Checks if usernames can be enumerated via /?author=1, /wp-json/wp/v2/users, /author/admin/.

One of 104 modules in the GateTest scan suite. Catches the issue before it reaches code review, and on paid tiers opens a pull request with the fix already written.

Example finding from the wpUserEnumerate module

/?author=1 reveals login 'admin' via redirect

Why we catch it

Live-URL probes for the wp.gatetest.ai product. Run against any public WordPress site.

The Wp User Enumerate module sits in this category alongside 5 related modules. Together they form one of the layers of a GateTest scan — checks fire in parallel, findings cluster by root cause, and on paid tiers the AI auto-fix loop reads each finding, writes the fix, validates against the scanner, and opens a PR.

How GateTest covers wp user enumerate

  • Runs in every scan. Included on the Full ($99), Scan + Fix ($199), and Forensic Scan ($399) tiers. No additional configuration.
  • Free CLI. npm i -g gatetest && gatetest --module wpUserEnumerate against any local repo. No paywall on the scanning itself.
  • AI auto-fix PR. Scan + Fix tier opens a pull request with the fix, a regression test, and a pair-review by a second Claude. Forensic Scan tier adds per-finding diagnosis and cross-finding attack-chain correlation.
  • Honest confidence rating. Findings come with high / medium / low confidence so noisy patterns don't block the gate. The confidence-calibrator trainer reads customer suppressions and tightens rules over time.

Scan your repo for wp user enumerate

Free preview of the headline findings. Pay per scan — no subscription.

Run a scan — from $29See all 104 modules

Frequently asked questions

What does the Wp User Enumerate module catch?

Checks if usernames can be enumerated via /?author=1, /wp-json/wp/v2/users, /author/admin/. Example finding: /?author=1 reveals login 'admin' via redirect

Does GateTest fix Wp User Enumerate issues automatically?

Yes — on the Scan + Fix tier ($199) and Forensic Scan tier ($399), Claude reads the finding, writes the fix, validates against the scanner, writes a regression test, and opens a pull request for your review.

Which tiers include the Wp User Enumerate module?

The Full tier ($99), Scan + Fix tier ($199), and Forensic Scan tier ($399) include all 104 modules including Wp User Enumerate. The Quick tier ($29) only includes 4 essential modules.

Can I run the Wp User Enumerate module from the CLI for free?

Yes — install with `npm i -g gatetest` and run `gatetest --module wpUserEnumerate` against any local repository. Paid tiers add AI auto-fix and the cross-finding correlation work.

Related modules in WordPress

Wp Version Leak
Where the site leaks its core version (readme.html, meta generator, RSS feed, CSS/JS ver=).
Wp Plugin Cve Check
Detects installed plugins via fingerprinting and flags any with known CVEs.
Wp Php Version Eol
Detects the running PHP version and flags it if end-of-life.
Wp Theme Abandonment
Detects the active theme and flags it if abandoned, deprecated, or carrying known CVEs.
Wp Backup Validation
Whether a backup plugin is installed AND whether any backup files are publicly exposed.

Comparing GateTest to another tool?

vs. Snykvs. Sonarqubevs. Semgrepvs. Codeqlvs. Deepsourcevs. Eslintvs. Github Code Scanning