How to Disable Yoast SEO Plugin Setting that Puts Bank and Credit Union Websites at Risk
If you manage a WordPress website for a bank, credit union, or other security-focused organization and you use Yoast SEO on the website, you should immediately check to see if you Yoast SEO is publishing an author XML site map. If it is, you could be exposing user identities to hackers, which can be very useful in brute force attempts to access your secure WordPress Dashboard.
One fast way to see if you are publishing usernames is to attempt to view the page "/author-sitemap.xml" on your website. For example, if your website is https://www.domain.com, then try visiting https://www.domain.com/author-sitemap.xml
If you see a listing of hyperlinks that also include users' names, then you should consider immediately disabling this feature within Yoast SEO.
To avoid exposing usernames in WordPress and Yoast SEO author archives, you can follow these steps:
Disable the author sitemap feature in Yoast SEO by going to the Yoast SEO Search Appearance > Archives and unchecking the "Enable author sitemaps" option. Yoast SEO published the steps to disable this feature here.
We recommend you also disable author pages using a technique like this one outlined by Mitch Bartlett. If you host your bank or credit union WordPress website with InetSolution, we provide a free plugin that will automatically do this for you.
Alternatively, you can use a plugin like Edit Author Slug which allow you to remove the author base from the URL structure of your author pages. This will make it more difficult for others to guess your usernames based on the URL of your author pages.
Lastly, make sure you're using strong and unique passwords for all user accounts on your website to prevent unauthorized access.
Note: Always make sure to take backup before making any changes to your WordPress website.
InetSolution also automatically performs these steps in our WordPress hardening services for bank websites and credit union websites using WordPress. This service is available to all banks and credit unions hosting WordPress websites with InetSolution.
Other Recent Blog Posts
Find this useful?
Want to receive our monthly tip to make your website easier to use and safer? No spam, just good advice. Signup!