Support » Themes and Templates » ?author=1… 2… 3… how to stop it?

  • Hi,

    I would like to forbid people to seek for my username by typing (or 2, 3,4,5… until they get my user id)

    How to block it?


    On hardening wordpress they say to change ur admin user by creating a new one… but after it is so easy for a “hacker” to find it by using ?author= ….

    any help? i tried to put a redirect function (if ( is_author() ) { etc…) but this doesn’t hide my user id in the address bar of the browser…

Viewing 3 replies - 1 through 3 (of 3 total)
  • I don’t think it’s possible. Lots of discussions about it though. Here’s a quick one I picked off of Google.


    I found these solutions:

    First solution:

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ [L,R=301]


    but i have troubles with the redirect… it always include the /?author=1 string… so if i specify my home page it generates an infinite redirect!

    Second solution:
    Specify a redirect 301 in the htaccess. ex: /author/name /
    it works but the redirect is not instantaneous and it shows the url before to redirect it…

    third solution:
    use RewriteRule for to make a redirect
    but I’m not sure how to write it… i tried smth like:
    RewriteRule /author/name /



    The solution you found on question-defense should work, but the RewriteRule is missing a character to remove the query string from the rewritten URL. This should work (note the additional ‘?’ at the end of the rewritten URL):

    RewriteCond %{REQUEST_URI}  ^/$
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ [L,R=301]
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘?author=1… 2… 3… how to stop it?’ is closed to new replies.