Author Link Security Issue
-
WordPress allows a login username to have a nick-name and display-name.
I’ve always thought that this was useful to hide the username that someone actually uses to log into the website.
For example if an admin username is ‘Fred’ a nickname and display-name of ‘Bob” can be setup. When Fred publishes a post the name Bob shows up as the author.
That hides the website username Fred from the internet and therefore removes from hackers half the information they need to password attack your site.
Unfortunately, many themes show the author name as a link. If you hover over the Bob author link you would unfortunately see the admin username Fred so the real website username is therefore available on the internet.
I’ve used an admin role in the example above but it applies to all roles.
I’m either missing something about how this works or this appears to be a security issue?
- The topic ‘Author Link Security Issue’ is closed to new replies.