Free WordPress Stop User Enumeration pluginFree
Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.
User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. Stop User Enumeration helps block this attack and even allows you to log IPs launching these attacks to block further attacks in the future.
If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.
If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin. To make it more effective, you can also install Fullworks Firewall, which will work in a similar way to fail2ban but on your WordPress site.
Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this
plugin will restrict and log that too.
Source from: WordPress.org