Security: telling hackers login usernames | WordPress.org

Resolved FinnJackson
(@innackson)

8 years, 1 month ago

Hi,

I am using the theme 2010 but I believe this vulnerability applies to several themes.

If you click on the author of a post then it takes you to a list of all the posts by that author.

Very helpful, except that the URL contains the actual login username of the author, instead of the nickname.
For example,
http://www.finnjackson.com/author/bodmin/

Is it possible to correct this vulnerability, by using the nickname in the URL instead?

Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter FinnJackson
(@innackson)

8 years, 1 month ago

Update:
I have been recommended to use the Edit Author Slug plugin, which seems to solve the problem:
https://wordpress.org/plugins/edit-author-slug/

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

8 years, 1 month ago

It’s not a security issue. It’s a very old discussion but the short version is that there is zero security in your username. People knowing your username or email isn’t a problem.

If you have strong passwords then you are secure. If you want, you can also add two factor authentication.

https://wordpress.org/plugins/search.php?q=two+factor

Thread Starter FinnJackson
(@innackson)

8 years, 1 month ago

ok, thank you

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security: telling hackers login usernames’ is closed to new replies.

In: Everything else WordPress
3 replies
2 participants
Last reply from: FinnJackson
Last activity: 8 years, 1 month ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics