Security flaw: hacker can gain access to username

Support Forum Catch Everest

This topic has 2 replies, 2 voices, and was last updated 8 years ago by Mahesh.

Viewing 3 posts - 1 through 3 (of 3 total)

Author

Posts
March 21, 2016 at 12:05 am #87851

FinnJackson
Participant

Hello,

I am using Catch Everest for one of my sites and think it is very good.

Unfortunately, if I click on the author name of a post then it takes me to a list of all the posts by that author.
Although I use a nickname on the site, to hide my username from hackers, the theme helpfully shows the real username in the URL:

http://theeschercycle.com/author/bodmin/

I believe this is a security flaw.

Is it possible please to update and reissue the theme (using the nickname in the URL, or “author-5” as you do on one of your other themes).

Thank you

March 21, 2016 at 2:23 am #87854

FinnJackson
Participant

Update:
I have been recommended to use the Edit Author Slug plugin, which seems to solve the problem:
https://wordpress.org/plugins/edit-author-slug/

March 21, 2016 at 4:23 pm #87879

Mahesh
Keymaster

@finnjackson: Glad to know you’ve found the solution. Have a nice day!

Regards,
Mahesh
Author

Posts

Viewing 3 posts - 1 through 3 (of 3 total)

The topic ‘Security flaw: hacker can gain access to username’ is closed to new replies.