Home / Questions / Issues / Possible security issue?

Possible security issue?

Solved5.17K viewsIssues
0

Hi Guys,

When viewing the “about” page of any AnsPress user i’ve noticed in the address bar that the users “username” is displayed rather than “display name publicly as”. This worries me a little because it exposes a users login name. Is there any easy way this can be changed so the link includes the name the user wishes displayed rather than their username?

 

Thanks

2 Answers

0
4.19K 1 Comment

WordPress has several such security holes.

Try this one on your site:

www.yourwebsite.com/?author=1

and you will see the name (replace the number to 2,3,4,5,6 and see all the usernames). AND #1 is ALWAYS the Admin. Go figure.

commented on answer
MisterFixit commented

It would if my website wasn’t configured to display a “forbidden” error if that was tried, yes I agree

You are viewing 1 out of 2 answers, click here to view all answers.

Resources

FAQ Frequently Asked Questions.
Getting Started Learn the basics to get your WordPress project up and running.
Updates Everything you need to know about updating AnsPress.
Functions AnsPress functions
Hooks AnsPress actions and filters
Classes AnsPress classes
Methods AnsPress methods