WordPress.org

Ready to get started?Download WordPress

Forums

User Avatar
Security Issue: User ID in the thumbnail URL (1 post)

  1. s_berntheisel
    Member
    Posted 1 year ago #

    Hey guys,

    I just want to discuss if it make sense to avoid the user id in the thumbnail URL. It allows an attacker to look up the User ID that comes staid from the DB. There are lots of WP system hardening strategies that reference similar topics.

    What you guys think? Make it sense to implement an additional name security/mapping layer? I would strongly recommend it.

    Stefan Berntheisel

    http://wordpress.org/extend/plugins/user-avatar/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic