“GET /?author=1” requests : why?


For years now I’ve seen clients request “GET /?author=1” where 1 could be numbers 1-10, usually in sequence. It always gets a 404 Not Found response, but this hasn’t stopped strangers from asking for it every day for literally years.

I know, I know, it’s certain to be a bot looking for exploits. It’s just… daily requests for years, from an uncountable number of sources, always 404 Not Found. I’m very curious what they are looking for (and what will I cripple if I drop a roadblock in front of them)? I found one mention of “author” [in the WordPress API docs](https://developer.wordpress.org/rest-api/reference/posts/) but they’re not asking for the API endpoint, they’re asking the front page.

3 Comments
  1. Probably trying to get the admin account name/whatever, since in WordPress it would often be the same as the first/main author (creating separate admin and author accounts isn’t typical for smaller sites or enforced/suggested by workflows).

  2. Brute force attacks are more common than people think on WordPress.

    The objective is to get the name of the first author (normally, the admin).

    From there, they can try to log in with that name and random passwords until the attack is successful.

    Configure a WAF (Web Application Firewall) on your WordPress site, and if you are managing your own server, configure fail2ban to quickly ban IP addresses that try to access the login page after a certain number of attempts.

  3. They are enumerating your user names for stuffing and brute force attacks.
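An added example, not from the poster or any commenter: a small Python script that scans web-server access-log lines (combined log format assumed) for the `/?author=N` pattern discussed above and reports source IPs that walk several distinct author IDs, which is the enumeration behaviour rather than a single follow of a legitimate link. The log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Combined-log-format line: client IP, request line, status code.
# Assumed format for this example; adjust the regex if your log differs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# The probe the thread is about: the front page with an author id parameter.
AUTHOR_RE = re.compile(r'^/\?author=(?P<id>\d+)$')


def author_probes(lines):
    """Return {ip: sorted list of author ids requested} for /?author=N hits."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        a = AUTHOR_RE.match(m.group("path"))
        if a:
            hits[m.group("ip")].add(int(a.group("id")))
    return {ip: sorted(ids) for ip, ids in hits.items()}


def flag_enumerators(lines, min_ids=3):
    """IPs that requested at least `min_ids` distinct author ids, i.e. are
    stepping through the id space (1, 2, 3, ...) rather than hitting one."""
    return {ip: ids for ip, ids in author_probes(lines).items()
            if len(ids) >= min_ids}


# Constructed sample log lines (not real traffic); one scanner, one visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 404 169 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /?author=2 HTTP/1.1" 404 169 "-" "python-requests/2.28"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /?author=3 HTTP/1.1" 404 169 "-" "python-requests/2.28"
198.51.100.9 - - [10/Oct/2023:14:01:02 +0000] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:01:05 +0000] "GET /?author=1 HTTP/1.1" 404 169 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, ids in flag_enumerators(SAMPLE_LOG).items():
        print(f"{ip} probed author ids {ids}")
```

The flagged IPs are the ones worth feeding to a fail2ban jail or WAF rule as the second commenter suggests; a single `?author=1` hit from an otherwise normal visitor stays below the threshold.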
