Author scanning is very helpful for hackers for DDoS and Brute-Force attacks. We should stop it if we are using a WordPress site.

Normally we use Apache webserver for WordPress sites. Apache server can be configured on runtime by adding some code in the .htaccess file. Typically the location of this file is your webroot.

Add the following code to the .htaccess file to prevent such kind of scanning:

RewriteEngine On

RewriteBase /

RewriteCond %{QUERY_STRING} (author=\d+) [NC,OR]
RewriteCond %{REQUEST_URI} ^.wp-json/wp/v2/(users) [NC]
RewriteRule . - [F]

Please feel free to reach out to us if you still face any problems.