The Smart User Slug Hider Plugin hides usernames in Author Pages URLs to enhance Security
The plugin automatically replaces user names with 16 digits coded strings. There are no settings. Just install and forget. Deactivating the Plugin restores the default WordPress behavior.
Version 4.0.0 Update Notice
Previous versions of this plugin used a function that was removed in PHP 7.2. Version 2 of this plugin introduced a so called Future Proof Mode, that used a different encryption method to work with PHP 7.2 and newer.
In version 4.0.0 only this new method is available. The old method was completely removed.
Unfortunately it is not possible to get the same result. This means that the coded User Slug changes if you haven’t activated Future Proof Mode yet.
Why use this plugin?
WordPress uses the pattern
example.com/author/name for author page URLs where
name represents the users login name.
This means that the login names from all your users are publicly visible which is a serious security flaw.
The Smart User Slug Hider Plugin changes all author page URLs from e.g.
example.com/author/john to something like
The codes are generated automatically and its impossible to make conclusions about the user names. The WordPress default URLs will cause a 404 (not found) error.
Also works for BuddyPress member pages.
As of version 4.0.0 also the author class from body tag is removed (see this topic)
The plugin adds three shortcodes you can use in your posts:
[smart_user_slug]— the user slug of the post author — e.g. e9e716def73f76ac
[smart_user_url]— the url of the post author’s profile page — e.g. example.com/author/e9e716def73f76ac
[smart_user_link]— adds a link to the post author’s profile page
The plugin adds two functions that can be used in theme files:
get_smart_user_slug( $author_id )to get the user slug for the author — the parameter $author_id is optional, if omitted the author`s ID of the current post is used
the_smart_user_slug( $author_id )to display the user slug for the author — the parameter $author_id is optional, if omitted the author`s ID of the current post is used
How to easily close a HUGE WordPress Security Gap using the free Plugin Smart User Slug Hider
Do you like this plugin?
I spend a lot of my precious spare time to develop and maintain my free WordPress plugins. You don’t need to make a donation. No money, no beer, no coffee. If you like this plugin then please do me a favor and give it a good rating. Thanks.
Plugin Privacy Information
- This plugin does not set cookies
- This plugin does not collect or store any data
- This plugin does not send any data to external servers
Peters’ Plugins Privacy Information Page
This plugin is compatible with ClassicPress.
More plugins from Peter
- 404page — Define any of your WordPress pages as 404 error page
- hashtagger — Tag your posts by using #hashtags
- smart Custom Display Name — Set your Display Name to anything you like
- See all
none so far
Contributors & Developers
“Smart User Slug Hider” is open source software. The following people have contributed to this plugin.Contributors
“Smart User Slug Hider” has been translated into 3 locales. Thank you to the translators for their contributions.
Translate “Smart User Slug Hider” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
- do not rely on SERVER_ADDR only (see support ticket)
- just cosmetics
- Plugin Foundation updated to PPF08
- minor UI adjustments
- remove user class from body tag (See here)
- always use Future Proof Mode, old method removed
- rewritten based on my Plugin Foundation PPF03
- Future Safe Mode renamed to Future Proof Mode
- automatically activate Future Proof Mode if mcrypt is not availabe
- code improvement
- UI improvements
- changed capability to manage_options to display admin page
- Future Safe Mode
- faulty display in WP 4.9 fixed
- fix for BuddyExtender plugin
- BuddyPress compatibility
- redesigned admin interface
- code improvement
- Shortcodes added
- Theme Functions added
- Code optimization
- Plugin info page added
- Initial Release