By scanning WordPress url's it is possible to find valid user accounts for use with brute force attacks.. This can possible be prevented by using techniques like on this page: https://perishablepress.com/stop-user-enumeration-wordpress/ My question is: can WPMU Dev's please investigate this technique and if it's working, include it in the Defender Plugin? (there is a .htaccess solution). Thank you very much !!