WordPress.org

Make WordPress Core

Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#53561 closed defect (bug) (invalid)

Posts publicly displaying my username even though I have selected a different name in profile settings.

Reported by: gabrieldiggs Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

The PHP in my post templates regarding author name to display on posts is

<?php echo $author_name; ?>

I have the "Display name publicly as" option in my user profile set to display my name "Gabriel Diggs"

Instead my posts are now showing my WordPress username which is a security vulnerability because that is the name I use to login to my admin. I tried changing the name and re-saving my user profile but no matter what name I choose it only shows my login username on posts now. Is this a known issue?

Change History (2)

#1 @desrosj
3 months ago

  • Component changed from General to Security
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from assigned to closed
  • Version 5.7.2 deleted

Hi @gabrieldiggs,

Thanks for this ticket!

Unfortunately, the amount of information provided is not enough to determine why your username is displaying instead of your display name. But this could be an intentional decision by the theme you are using.

The WordPress project also does not consider usernames or user IDs to be private or secure information. This is outlined in the Core Handbook on the Reporting Security Vulnerabilities page.

In the future, issues that are believed to be security problems should be disclosed responsibly and privately to the project's HackerOne account. If this were something that was considered a security issue that should be addressed, creating a public ticket here in Trac would expose every WordPress site to the vulnerability being detailed.

#2 @gabrieldiggs
3 months ago

Thanks for the quick follow up! This behavior is new. I've been using the same theme for many years and only just noticed this issue/change. So it could be my theme but it would be due to a recent change in the WordPress code that I need to compensate for with an update to my theme. I just have no idea where to start in troubleshooting this issue. Can you confirm that my theme is using the correct php language to display the Author name: <?php echo $author_name; ?>

Note: See TracTickets for help on using tickets.