Title: Username Exposed
Last modified: January 31, 2017

---

# Username Exposed

 *  Resolved [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/)
 * This question is for Security.
    How can I display nickname only instead username
   in links?
 * I found this _functions.php_:
 *     ```
       add_filter( 'request', 'wpse5742_request' );
       function wpse5742_request( $query_vars )
       {
           if ( array_key_exists( 'author_name', $query_vars ) ) {
               global $wpdb;
               $author_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key='nickname' AND meta_value = %s", $query_vars['author_name'] ) );
               if ( $author_id ) {
                   $query_vars['author'] = $author_id;
                   unset( $query_vars['author_name'] );    
               }
           }
           return $query_vars;
       }
       ```
   
 *     ```
       add_filter( 'author_link', 'wpse5742_author_link', 10, 3 );
       function wpse5742_author_link( $link, $author_id, $author_nicename )
       {
           $author_nickname = get_user_meta( $author_id, 'nickname', true );
           if ( $author_nickname ) {
               $link = str_replace( $author_nicename, $author_nickname, $link );
           }
           return $link;
       }
       ```
   
 * It works, but only with Blog Posts, not in:
 * Comments, meta, widgets, etc.
    Neither for: buddypress (activity, groups, members,
   notifications, etc.) and bbpress forums.
 * If you Right Click on Public Name you can see the Username in:
 * [http://www.yoursite.com/author/username](http://www.yoursite.com/author/username)(
   in Comments)
    [http://www.yoursite.com/members/username](http://www.yoursite.com/members/username)
   [http://www.yoursite.com/forums/profile/username](http://www.yoursite.com/forums/profile/username)
 * Also, If you go to a Buddypress Profile, you can see, for example:
 * John Doe
    @johnstack (username)
 * ==========================
 * The correct:
 * John Doe
    [@johndoe](https://wordpress.org/support/users/johndoe/) (nickname)
 * [http://www.yoursite.com/author/nickname](http://www.yoursite.com/author/nickname)
   
   [http://www.yoursite.com/members/nickname](http://www.yoursite.com/members/nickname)
   [http://www.yoursite.com/forums/profile/nickname](http://www.yoursite.com/forums/profile/nickname)
 * Please, any solution for Forcing to Show the Nickname Only (based on your first
   name and last name) in Profile and all Links.
 * [@azunyann](https://wordpress.org/support/users/azunyann/)
    [@wpsolutions](https://wordpress.org/support/users/wpsolutions/)
    -  This topic was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
    -  This topic was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
    -  This topic was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8726592)
 * [@wpsolutions](https://wordpress.org/support/users/wpsolutions/)
 * Please, Help here!
 *  Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/)
 * (@wpsolutions)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8727424)
 * Hi,
    The “issue” you describe is not caused by this plugin and is simply just
   the way WordPress works. In my opinion there are other things which are much 
   more urgent in terms of security than the exposure of someone’s username. To 
   alleviate your concerns and mitigate any security issues you should as a matter
   of habit be using a strong password and additionally you should also be hiding
   your login page using one of the brute force features of this plugin. Therefore
   based on this and also the fact that I have more urgent tasks on my plate this
   is not something I will be addressing in the near term. Thanks for the info anyway.
    -  This reply was modified 9 years, 2 months ago by [wpsolutions](https://wordpress.org/support/users/wpsolutions/).
    -  This reply was modified 9 years, 2 months ago by [wpsolutions](https://wordpress.org/support/users/wpsolutions/).
 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8729425)
 * Hi!
 * Username Exposed is a weak point in Communities, Forums (working with BuddyPress,
   BbPress).
 * Any malicious person can hack the accounts of the Members, and bring down the
   Community for lack of this Security Measure.
 * For this reason, I am making the request.
    If you can not help now, please tell
   another one of your colleagues. The basic code is here. Unfortunately, I do not
   get php. But I did try this code and it works, but ONLY with Blog Posts. [@wpsolutions](https://wordpress.org/support/users/wpsolutions/)
 * Also, check this ===::: [restrict-user-registration-to-emails-on-a-single-domain](https://wordpress.org/support/topic/restrict-user-registration-to-emails-on-a-single-domain-2/)
 * Other Measure is: Force members to use strong password; yes, Wordfence has this,
   but does not work with BP register.
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
 *  Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/)
 * (@wpsolutions)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8729574)
 * Thanks for the info.
    At this stage we will not be implementing such a feature.
   You are free to use another plugin if this one does not suit your needs.
    -  This reply was modified 9 years, 2 months ago by [wpsolutions](https://wordpress.org/support/users/wpsolutions/).
 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8729609)
 * There are Not plugins for this security measure. Only this php code and similar,
   but this does not work with buddypress… this code only work in Blog Posts. Changing
   author username for author nickname! But this php code can be adapted and improved.
   
   [@wpsolutions](https://wordpress.org/support/users/wpsolutions/)
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
 *  [SVTX](https://wordpress.org/support/users/svtx/)
 * (@svtx)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8732649)
 * I believe these are the droids you’re looking for:
    [https://wordpress.org/plugins/edit-author-slug/](https://wordpress.org/plugins/edit-author-slug/)
 * I use that plugin a lot but it needs to be clear that this isn’t a 100% guarantee
   someone cannot somehow get that name. It just hides it from people looking up
   source code or trying free browser based scans. But yes, I get your point and
   I like the idea too.
 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8732721)
 * [@svtx](https://wordpress.org/support/users/svtx/)
    This plugin does not work
   with buddypress, bbpress… but thanks for comment.
 * Here I shared this php code, this really work, but ONLY with author Blog Posts.
   Not in: comments, etc.
 * I’m looking for a full solution based in this code or similar… But nobody help!
    -  This reply was modified 9 years, 2 months ago by [livingflame](https://wordpress.org/support/users/livingflame/).
 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8739119)
 * I see where the problem is.
 * By default, WordPress generates the nickname based on the User Name.
 * If one changes the Nickname, then the Username is not exposed.
 * However, doing this task manually is very tedious on a site with BuddyPress.
 * Therefore, what we need is a Php Code, which automatically changes the Nickname
   based on the First Name and Last Name of the User.
 * [@wpsolutions](https://wordpress.org/support/users/wpsolutions/)
    [@mbrsolution](https://wordpress.org/support/users/mbrsolution/)
 *  Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/)
 * (@livingflame)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8739347)
 * Courtesy of a kind man:
 * SOLUTION (functions.php):
 *     ```
       function set_default_display_name( $user_id ) {
       $user = get_userdata( $user_id );
       $name = sprintf( '%s %s', $user->first_name, $user->last_name );
       $nickname = sanitize_user( strtolower( str_replace( ' ', '', $name ) ) );
       $args = array(
       'ID' => $user_id,
       'display_name' => $name,
       'nickname' => $nickname,
       'user_nicename' => $nickname
       );
       wp_update_user( $args );
       }
       add_action( 'user_register', 'set_default_display_name' );
       ```
   
 * This code works fine with BuddyPress. So, I want want, try, check, and add this
   to your plugin.** Also Force users to use strong passwd. **

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Username Exposed’ is closed to new replies.

 * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256.
   png?rev=2798307)
 * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/)
 * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/)

## Tags

 * [admin](https://wordpress.org/support/topic-tag/admin/)
 * [hide](https://wordpress.org/support/topic-tag/hide/)

 * 9 replies
 * 3 participants
 * Last reply from: [livingflame](https://wordpress.org/support/users/livingflame/)
 * Last activity: [9 years, 2 months ago](https://wordpress.org/support/topic/username-exposed/#post-8739347)
 * Status: resolved