#48374 closed defect (bug) (invalid)
Username in Source Code
Reported by: | briannie | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | |
Focuses: | privacy | Cc: |
Description
I cannot understand why the username is clearly shown in the source code. I don't know if this should be shown under Defect, enhancement or feature request but it seems to be something that requires fixing.
Change History (4)
#2
@
5 years ago
Thanks for the quick response. My description was not that accurate. Hackers seem to know that by entering /?author=1 they will get the username. Here are two examples:
https://catoconsultancy.co.uk/?author=1
reveals
https://catoconsultancy.co.uk/author/chris-12
https://cherchat.org/?author=1
reveals
https://cherchat.org/author/amanda
I hope that helps.
#3
@
5 years ago
OK, I understood and I think your request in plugin territory
These URLs came from WordPress when it was only a Blog platform. Nowaday we make lots of kind of website and this URL allways exists.
If you want to disable, I suggest to redirect visitosrs with this kinfd of code:
function author_page_redirect() { if ( is_author() ) { wp_redirect( home_url() ); } } add_action( 'template_redirect', 'author_page_redirect' );
https://wordpress.stackexchange.com/questions/182236/completely-remove-the-author-url
#4
@
5 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Severity changed from major to normal
- Status changed from new to closed
Hello @briannie, welcome to WordPress Trac!
Usernames or user IDs not a security issue, see https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue.
Do not report potential security vulnerabilities here.
See the Security FAQ and visit the WordPress HackerOne program.
Hello @briannie and thanks to open a ticket
Where do you see the username in the source code?
Do you have a file and a line number to show us?