the_author_posts_link() generates links with username instead of display name - this is insecure
| Reported by: | asdfasd567 | Owned by: | |
Any instance of using the username instead of the display name is susceptible to the same vulnerabilities as leaving your username as "admin" is.
Suggest changing this, starting with the most common functions like the_author_posts_link(), so the links generated aren't http://foo.com/author/MySecretUsername.
http://wordpress.org/extend/plugins/display-name-author-permalink aims to fix this, but it throws an error on activation.
Possible to make this part of core?
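A site-level check for the behaviour described above, as an added example that is not part of the ticket, the linked plugin, or WordPress core. It lists accounts whose author-archive slug (`user_nicename`) is just the sanitized login and can replace the slug with one built from the display name. The file name, the `fix` argument and running it through WP-CLI's `wp eval-file` are assumptions of this example.

```php
<?php
/**
 * Added example: audit author slugs that disclose the login name.
 *
 * Assumed usage (file name and "fix" argument are this example's own):
 *   wp eval-file audit-author-slugs.php        report only
 *   wp eval-file audit-author-slugs.php fix    rewrite exposed slugs
 */
$fix = isset( $args[0] ) && 'fix' === $args[0];

foreach ( get_users() as $user ) {
    // The default slug is the sanitized login, so equality here means
    // /author/<slug>/ reveals the login name.
    if ( sanitize_title( $user->user_login ) !== $user->user_nicename ) {
        continue;
    }

    $url = get_author_posts_url( $user->ID );

    // user_nicename is limited to 50 characters.
    $new = mb_substr( sanitize_title( $user->display_name ), 0, 50 );

    // A display name that still equals the login gives no improvement.
    if ( '' === $new || $new === $user->user_nicename ) {
        echo "EXPOSED {$user->user_login} {$url} (set a distinct display name first)\n";
        continue;
    }

    if ( ! $fix ) {
        echo "EXPOSED {$user->user_login} {$url} (slug would become {$new})\n";
        continue;
    }

    // WordPress appends a numeric suffix itself if the slug is already taken.
    $result = wp_update_user(
        array(
            'ID'            => $user->ID,
            'user_nicename' => $new,
        )
    );

    if ( is_wp_error( $result ) ) {
        echo "FAILED  {$user->user_login}: " . $result->get_error_message() . "\n";
    } else {
        echo "UPDATED {$user->user_login} -> " . get_author_posts_url( $user->ID ) . "\n";
    }
}
```

Rewriting a slug changes that author's archive URL, so existing links to the old `/author/...` address stop resolving unless a redirect is added.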
Change History (11)
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed