Username Exposed
-
This question is for Security.
How can I display nickname only instead username in links?I found this functions.php:
add_filter( 'request', 'wpse5742_request' ); function wpse5742_request( $query_vars ) { if ( array_key_exists( 'author_name', $query_vars ) ) { global $wpdb; $author_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key='nickname' AND meta_value = %s", $query_vars['author_name'] ) ); if ( $author_id ) { $query_vars['author'] = $author_id; unset( $query_vars['author_name'] ); } } return $query_vars; }add_filter( 'author_link', 'wpse5742_author_link', 10, 3 ); function wpse5742_author_link( $link, $author_id, $author_nicename ) { $author_nickname = get_user_meta( $author_id, 'nickname', true ); if ( $author_nickname ) { $link = str_replace( $author_nicename, $author_nickname, $link ); } return $link; }It works, but only with Blog Posts, not in:
Comments, meta, widgets, etc.
Neither for: buddypress (activity, groups, members, notifications, etc.) and bbpress forums.If you Right Click on Public Name you can see the Username in:
https://www.yoursite.com/author/username (in Comments)
https://www.yoursite.com/members/username
https://www.yoursite.com/forums/profile/usernameAlso, If you go to a Buddypress Profile, you can see, for example:
John Doe
@johnstack (username)==========================
The correct:
John Doe
@johndoe (nickname)https://www.yoursite.com/author/nickname
https://www.yoursite.com/members/nickname
https://www.yoursite.com/forums/profile/nicknamePlease, any solution for Forcing to Show the Nickname Only (based on your first name and last name) in Profile and all Links.
-
Hi,
The “issue” you describe is not caused by this plugin and is simply just the way WordPress works.
In my opinion there are other things which are much more urgent in terms of security than the exposure of someone’s username.
To alleviate your concerns and mitigate any security issues you should as a matter of habit be using a strong password and additionally you should also be hiding your login page using one of the brute force features of this plugin.
Therefore based on this and also the fact that I have more urgent tasks on my plate this is not something I will be addressing in the near term.
Thanks for the info anyway.Hi!
Username Exposed is a weak point in Communities, Forums (working with BuddyPress, BbPress).
Any malicious person can hack the accounts of the Members, and bring down the Community for lack of this Security Measure.
For this reason, I am making the request.
If you can not help now, please tell another one of your colleagues. The basic code is here. Unfortunately, I do not get php. But I did try this code and it works, but ONLY with Blog Posts. @wpsolutionsAlso, check this ===::: restrict-user-registration-to-emails-on-a-single-domain
Other Measure is: Force members to use strong password; yes, Wordfence has this, but does not work with BP register.
There are Not plugins for this security measure. Only this php code and similar, but this does not work with buddypress… this code only work in Blog Posts. Changing author username for author nickname! But this php code can be adapted and improved.
@wpsolutions@svtx
This plugin does not work with buddypress, bbpress… but thanks for comment.Here I shared this php code, this really work, but ONLY with author Blog Posts. Not in: comments, etc.
I’m looking for a full solution based in this code or similar… But nobody help!
- The topic ‘Username Exposed’ is closed to new replies.
