First of all let me apologize if this has already been discussed and I haven’t come across it yet.
I would like for the core team to take into consideration a change in the way usernames operate on the self hosted WordPress framework. With WordPress getting more and more popular I’m starting to concern myself more with securing my site and making sure that only permitted people are allowed access and non-permitted people stay out. However, I have noticed that there is one vulnerability that seems to always be present and that is the display of the username in posts. I completely understand the process of the username and why it works the way it does. However, I think it is time to change this and make WordPress a truly more secure framework.
My idea is to have the username be used only for access into the WordPress program and not continue into authorship functions. Currently when I’m writing a blog post, you can see my username that I use to access the WordPress site within the post (usually under the title and/or photo). Instead of having the ‘by’ or ‘from’ feature display my username ‘bigbob’, I would like it to say ‘Ben B’.
I have sometimes found ways around this like two plugins within the repo (http://wordpress.org/extend/plugins/user-name-security/) & (http://wordpress.org/extend/plugins/admin-username-changer/) but these aren’t perfect and they don’t always work because it isn’t part of the core coding of WordPress.
My idea would be to have another required field during sign-up and it could be called Author. This would allow me to have a username of ‘bigbob’ to gain access to the WordPress site but when I publish posts or when users are looking up past posts from different authors on the archive page, they can find my name ‘Ben B.’ and not my username of ‘bigbob’.
If I had the technical skills to do this I would but I just starting to learn some of the coding basics and perhaps I too can help out code-wise in the future.
Would love to hear what others think about this concept. Thanks for your time.
- The topic ‘Increase Security Starting With Username Change’ is closed to new replies.