smart User Slug Hider

Description

The smart User Slug Hider Plugin hides usernames in Author Pages URLs to enhance Security

Usage

The plugin automatically replaces user names with 16 digits coded strings. Just install and forget. Deactivating the Plugin restores the default WordPress behavior.

Why use this plugin?

WordPress uses the pattern example.com/author/name for author page URLs where name represents the users login name.

This means that the login names from all your users are publicly visible which is a serious security flaw.

The smart User Slug Hider Plugin changes all author page URLs from e.g. example.com/author/john to something like example.com/author/e9e716def73f76ac.

The codes are generated automatically and its impossible to make conclusions about the user names. The WordPress default URLs will cause a 404 (not found) error.

Also works for BuddyPress member pages.

Future Proof Mode

As of PHP version 7.1 the functions so far used by this plugin for encryption are marked as deprecated and your webserver may show a PHP Warning. Future Proof Mode causes the plugin to use other encryption functions that are recommended as substitutes.

Unfortunately it is not possible to get the same result. This means that the coded User Slug changes if Future Proof Mode is activated.

If you have not used this plugin yet, it is highly recommended to activate Future Proof Mode.

If you have already used this plugin in the past please consider that activating Future Proof Mode changes the URLs of all Author Pages!

As of PHP version 7.2 the old functions have been removed from PHP core. The mcrypt extension now is available as an unofficial PECL extension. If this PECL extension is installed on your webserver this old functions are still available, so it is not mandatory to activate Future Proof Mode.

If you update to PHP 7.2 or newer without having the mcrypt extension installed on your webserver, the plugin automatically activates Future Proof Mode and it is not possible to deactivate it – otherwise WordPress would crash.

However, sooner or later you’ll be forced to activate Future Proof Mode.

Shortcodes

The plugin adds three shortcodes you can use in your posts:

  • [smart_user_slug] – the user slug of the post author – e.g. e9e716def73f76ac
  • [smart_user_url] – the url of the post author’s profile page – e.g. example.com/author/e9e716def73f76ac
  • [smart_user_link] – adds a link to the post author’s profile page

Theme Functions

The plugin adds two functions that can be used in theme files:

  • get_smart_user_slug( $author_id ) to get the user slug for the author – the parameter $author_id is optional, if omitted the author`s ID of the current post is used
  • the_smart_user_slug( $author_id ) to display the user slug for the author – the parameter $author_id is optional, if omitted the author`s ID of the current post is used

Support

Support Forum.

Video

How to easily close a HUGE WordPress Security Gap using the free Plugin smart User Slug Hider

Do you like this plugin?

I spend a lot of my precious spare time to develop and maintain my free WordPress plugins. You don’t need to make a donation. No money, no beer, no coffee. If you like this plugin then please do me a favor and give it a good rating. Thanks.

Plugin Privacy Information

  • This plugin does not set cookies
  • This plugin does not collect or store any data
  • This plugin does not send any data to external servers

Peters’ Plugins Privacy Information Page

ClassicPress

This plugin is compatible with ClassicPress.

More plugins from Peter

Stay up to date

Follow me on Facebook
YouTube Channel

Screenshots

  • Automatically enabled Future Proof Mode when using PHP 7.2 without mcrypt PECL extension

FAQ

none so far

Reviews

August 30, 2019
I used to install "Edit Author Slug" in every one of my website, but I always wished for simpler settings. I love this "smart User Slug Hider" because it needs no configuration if you have installed WordPress in PHP 7.2 or newer. It has been working perfectly so far, and seems to be lightweight. I'd highly recommend this plugin over "Edit Author Slug" if there will be only one author in a website, because it is unlikely for viewers to bookmark the author archive page, thus the page doesn't need a comprehensible URL.
August 19, 2019
As a web developer I have many websites out there and recently a client's site was hacked into. The mess that resulted required a complete rebuild. I would not want to go through that again. I already use 'login limited reload' and 'two-factor' log in so I must be fairly safe but it was irritating me that hackers can so easily find a username. Not any longer thanks to this plug in. Just activate and you're there but don't forget to change your WordPress display name so it does not show your username in the source code. Thank you Peter.
January 29, 2019
I'm about to launch a BuddyPress network and want to comply with GDPR/DSGVO rules and user demands fo privacy as much as possible. This plugin is a must have! 1000 Dank.
January 15, 2019
Excellent! I've been wondering for ages about this issue! Now it's fixed!!
December 16, 2018
Not much more to say, it does exactly what it needs to do. In conjunction with Limit Login Attempts, keeps the 'bots and other casual pests at bay.
Read all 26 reviews

Contributors & Developers

“smart User Slug Hider” is open source software. The following people have contributed to this plugin.

Contributors

“smart User Slug Hider” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “smart User Slug Hider” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

3 (2018-12-31)

  • Future Safe Mode renamed to Future Proof Mode
  • automatically activate Future Proof Mode if mcrypt is not availabe
  • code improvement
  • UI improvements
  • changed capability to manage_options to display admin page

2 (2018-03-14)

  • Future Safe Mode

1.5 (2017-11-16)

  • faulty display in WP 4.9 fixed

1.4 (2017-07-15)

  • fix for BuddyExtender plugin

1.3 (2017-07-17)

  • BuddyPress compatibility
  • redesigned admin interface
  • code improvement

1.2 (2016-10-04)

  • Shortcodes added
  • Theme Functions added

1.1 (2016-06-30)

  • Code optimization
  • Plugin info page added

1.0 (2014-10-02)

  • Initial Release