Disable /?author= for logged in users

  • raymundang

    (@raymundang)


    8 years ago

    While testing the plugin, I noticed that logged out users are forbidden from accessing /?author= URL string but regular users can. It would also be good to prevent logged in users from accessing /?author= , especially regular users.

    Thanks.

Viewing 1 replies (of 1 total)
  • Plugin Author fullworks

    (@fullworks)

    8 years ago

    Hi Ray,

    yes that is by design at the moment, as in logged in user are not restricted. The original intent of the program was to restrict hackers ( and the assumption if a hacker is logged in then you have bigger problems ).

    Blanket restriction of author access does break some features in admin ( like sorting posts by author ) however I understand your request is related to making a site GDPR compliant and that having logged in users, especially non admin being able to enumerate users is not desirable.

    I will consider this and see if I can have a solution in a near future release.

    Alan

Viewing 1 replies (of 1 total)

The topic ‘Disable /?author= for logged in users’ is closed to new replies.

  • 1 reply
  • 2 participants
  • Last reply from: fullworks
  • Last activity: 8 years ago
  • Status: not a support question