The option: Prevent discovery of usernames through '?/author=N' scans
is not fully function as expected.
A WPScan test reals that, 1 of the 3 existing users is discoverable by using ?author='N'. A direct query also suggest that, this feature not fully function.
Using a snippet in .htaccess file which offers the same function did the trick.
Is it a bug?