Alert from the the WPScan Team: a glitch in Wordfence version 7.1.12 enabled people to discover usernames if they did the username query using the ‘WWW’ version of the domain name.
This was fixed in version 7.1.14 – make sure you have updated..!
Stay safe,

Martin Malden
Owner – WP Security Basics
P.S.Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them and I’d be happy to answer any questions you may have):