Wordpress version 5.6
while reading my logs, i discovered the following:
"GET //wp-json/wp/v2/users/ HTTP/1.1" 200 2402
As you can see, it returned a 200 Status Code response.
I used the above on my website to try and see what happens, and sure enough, the usernames were displayed.
I tried to report this on Hackerone, but Wordpress does not consider hiding usernames as part of security/authentication....or something along those lines. figures.
I however, do.
As such, I'd like to know if there is a way to stop this from happening with Admin Tools? I'd like to keep the usernames hidden.