• Resolved manOmedia

    (@manomedia)


    Hi all…

    A new site I have deployed is receiving a lot of login attempts with correct user names. I installed All In One WP Security & Firewall, one of several that can help block access to user names, but I have now realized that the sitemap generated by Yoast ignores the Nickname or Display Name of a user and instead places the username into /author-sitemap.xml.

    In my situation, turning off Author archives is a reasonable solution but it seems like a setting/option is needed here (I don’t find one anyway) so Author archives can be on while not revealing actual user names.

    Thanks…

    • This topic was modified 5 years, 8 months ago by manOmedia.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support amboutwe

    (@amboutwe)

    By default, WordPress uses the username for the author archive page URL. Yoast SEO uses the same archive URL when building the sitemap.

    There are a number of ways to change the author archive URL. This article has some suggestions and there are a few plugins that offer this feature.

    Once the author archive URL is changed to not include the username, the sitemap should update automatically.
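
An added example (not part of the thread, and not Yoast or WordPress code): a self-audit that reads a saved copy of the site's own /author-sitemap.xml and reports which of the administrator's known login names appear there as author archive slugs. The sample XML, the login list, the default `author` URL base and the simplified slug normalisation are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, unquote

SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Constructed sample of an /author-sitemap.xml body (not from a real site).
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/author/jsmith-admin/</loc></url>
  <url><loc>https://example.test/author/guest-writer/</loc></url>
  <url><loc>https://example.test/blog/author/Editor.One/</loc></url>
</urlset>"""

# Constructed list of the site's real login names, known only to the admin.
SAMPLE_LOGINS = ["jsmith-admin", "editor.one", "backup_op"]


def slugify_login(name):
    """Simplified stand-in for how a login becomes an archive slug (assumption)."""
    s = name.strip().lower().replace(".", "-")
    s = re.sub(r"[^a-z0-9 _-]", "", s)
    s = re.sub(r"[\s-]+", "-", s)
    return s.strip("-")


def author_slugs(sitemap_xml):
    """Return the path segment after /author/ for every <loc> in the sitemap."""
    root = ET.fromstring(sitemap_xml)
    slugs = []
    for loc in root.findall(".//sm:loc", SITEMAP_NS):
        path = urlparse((loc.text or "").strip()).path
        parts = [p for p in path.split("/") if p]
        if "author" in parts[:-1]:  # needs a segment after the author base
            slugs.append(unquote(parts[parts.index("author") + 1]))
    return slugs


def exposed_logins(sitemap_xml, logins):
    """Map each login whose slug form is published to the slug that leaks it."""
    by_slug = {slugify_login(s): s for s in author_slugs(sitemap_xml)}
    return {login: by_slug[slugify_login(login)]
            for login in logins if slugify_login(login) in by_slug}


if __name__ == "__main__":
    for login, slug in exposed_logins(SAMPLE_SITEMAP, SAMPLE_LOGINS).items():
        print(f"login {login!r} is published as author slug {slug!r}")
```

An empty result after changing the author archive URL confirms the sitemap no longer publishes a login name; `guest-writer` in the sample is an archive slug that matches no login and is therefore not reported.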

    Thread Starter manOmedia

    (@manomedia)

    Thanks amboutwe… Today I also looked a bit more into the background. I guess for a site that needs to display author names, one of the plugins would make sense, as changing the behavior in PHP is indeed a bit more complicated.

    I actually think it would make a lot of sense for WordPress to manage the creation of the username and the display name during account creation to help with security, make for more attractive display names and prevent duplicates all at the same time. My experience yesterday was pretty crazy – when I still had Author archives active, within 12 hours of generating a new user, it was hit and locked out over 450 times. Within an hour after deactivating Author archives, lockouts have slowed to a trickle.

    Anyway, still might be a nice feature for Yoast or Yoast Premium.

    Plugin Support amboutwe

    (@amboutwe)

    Feature requests can be submitted to our GitHub repository for Yoast SEO. You will need an account to create a new issue for your feature request.

    Please provide as much information as possible about the feature request and don’t forget to include the URL to this conversation in your feature request!

    One thing to note: as similar requests regarding usernames being shown (like this one) have been closed, please elaborate in detail why you feel the issue should be considered SEO territory versus being part of a security plugin, where most username-related solutions tend to exist.

    Thread Starter manOmedia

    (@manomedia)

    So to follow up on this… This may be anecdotal but it seems that with Yoast SEO disabled (no other changes), no usernames are being extracted from this site but with Yoast SEO enabled, even with Author archives turned off, user names are being detected.

    What I did was:
    – Disable Yoast SEO
    – Create a new user
    – Delete the old user
    – Assign all the content to the new user and wait…

    During the next 24 hours+, no logins were attempted with the new username.
    I then reactivated Yoast and within about an hour, that new username started showing up on the list of blocked login attempts.

    What this seems to indicate is that while the default condition of WordPress is to show usernames, it is possible to block their exposure. But apparently there is another access point via Yoast. Do you know what that is? Do you need more info?

    Thanks

    • This reply was modified 5 years, 8 months ago by manOmedia.
    Plugin Support amboutwe

    (@amboutwe)

    For the new user, is the username selected for the ‘Display name publicly as’ option? You can check this under Admin > Users > Edit User > Name (section)

    If the display name is the same as the username, please try the experiment again but this time change the display name to something other than the username before activating Yoast SEO.

    Note: I randomly checked a handful of pages on my local test environment and am not able to find anywhere that Yoast SEO outputs the username in the source code with the exception of author archive URLs and when the display name and username are identical.

    Thread Starter manOmedia

    (@manomedia)

    “For the new user, is the username selected for the ‘Display name publicly as’ option?”

    No, ‘Nickname’ and ‘Display name publicly’ are both set to a different name. That was done immediately after creating the new user and Yoast was already deactivated.

    “I randomly checked a handful of pages on my local test environment and am not able to find anywhere that Yoast SEO outputs the username in the source code with the exception of author archive URLs and when the display name and username are identical.”

    Hmmm, well you obviously agree that while the test is not 100%, it does seem to point at some sort of exposure by Yoast.
    Just curious, when I first realized Yoast was creating the Authors link for the sitemap, I played around a bit and do not believe I saw any difference in /author-sitemap.xml when ‘Nickname’ and ‘Display name publicly’ were the same vs different than the real username. Is that output supposed to change based on those names?

    Thread Starter manOmedia

    (@manomedia)

    23:00 CET (17:00 US Eastern time): I just started a new test that I will let run longer.
    – Yoast deactivated
    – New user created
    – ‘Nickname’ and ‘Display name publicly’ changed
    – Bulk edit – Assigned all content to the new user

    I will let it sit this way till sometime Monday so 36 to 48 hours.
    Presuming no hits to the new user name I will then reactivate Yoast and see what happens…

    BTW – Thanks, I forgot that Yoast is a Dutch company, but I will stick with English. Writing is not easy for me, but reading and speaking are fine.

    Thread Starter manOmedia

    (@manomedia)

    The saga continues – Presuming it’s not reasonably possible to make a call to a disabled plugin vs totally deleted, it is evidently not Yoast. It took longer but the new username started getting hits and Yoast is still disabled… Jeeeeze

    MariusG

    (@marius_codeinwp)

    Hi @manomedia,

    Thanks for letting us know. Unfortunately, there’s nothing we can do in this case. If you believe this should be a feature of Yoast SEO, then you can submit a request on our GitHub repository.

  • The topic ‘Show nickname or display name in /author-sitemap.xml instead of username’ is closed to new replies.