Support » Theme: Hueman » Site Security: Post source code reveals too much

  • Parwaiz Khan

    (@parwaiz-khan)


    Hello Nikeo,

    While looking at the ‘source code’ of my post, I noticed that some vital metadata (that I have blocked from displaying by putting css “display: none” code) was displayed there. It is also one of the security risk.

    Below, I have copied the code for your review (xxxxxxxxx inserted instead of name).

    <p class=”post-byline”>by <span class=”vcard author”>
    <span class=”fn”></span>
    </span> ·
    <time class=”published” datetime=”May 20, 2019″>May 20, 2019</time> </p>

    It may be coming from any where; single.php, content.php, archive.php, or index.php functions.php file.

    Can you guide me how to remove it using my ‘child theme’?

    Thank you very much for your help.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • emranemranx

    (@emranemranx)

    Hi Parwaiz,

    Here’re some 3rd-party articles that might be helpful in your case:

    https://code.tutsplus.com/articles/how-to-modify-the-parent-theme-behavior-within-the-child-theme–wp-31006

    https://mhthemes.com/support/overriding-parent-theme-functions-child-theme-tutorial/

    You can also hire a developer who can do this for you.

    Hi Parwaiz,
    may I ask you why do you think displaying the post author’s “Display name publicly as” (using this core function https://codex.wordpress.org/Function_Reference/the_author_posts_link) with a link to the author archive is a security risk?
    Thank you.

    Parwaiz Khan

    (@parwaiz-khan)

    Hi Rocco,

    You have been a great help to many of us who use these fantastic themes ( Hueman & Customizr). Thank you.

    As for my query, my concern was that if a hacker just add “?author=’username’” after the URL, it should be rather easy for the hackers to use brute force to figure out the password. 

    One of my site was hacked a few years ago. Someone had removed my username and added a new username. They couldn’t get the password, since WP sends a change of PW link only via the registered email.

    Since then I have implemented a series of steps to secure my sites, but, still, I am concerned about having my username visible to anyone who can look at the ‘page source’.

    I can use the aliases for the username, but I was trying to figure out a way to hide it by adding the right code into the ‘functions.php’ (or any other such file) via child theme.

    Anyhow, thank you so very much for looking into it.

    Parwaiz Khan

    (@parwaiz-khan)

    Hi Emranemranx,

    Thank you very much for looking into it and giving some useful information. I am going check it out and see if I have the capacity (and courage!) to fix it.

    All the best my friend.

    Parwaiz

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.