I noticed that when you click on the author’s name on wordpress that the url uses the user’s “slug” which makes me feel a bit iffy since there are a lot of hackers going about. So, I wondered how to avoid the “slug” on the url.
I was thinking at first if I could change the rewrite_rule
but found if very difficult when trying to redirect the author template and then I found snippets by Jan Fabry while searching the internet for a solution.
It may be a few years old but it’s still better than nothing at all. I am currently using this function and hopefully, it’ll add some form of security and a piece of mind.
Changing the author URL:
add_filter( 'request', 'themename_author_request' ); function themename_author_request( $query_vars ) { if ( array_key_exists( 'author_name', $query_vars ) ) { global $wpdb; $author_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key='nickname' AND meta_value = %s", $query_vars['author_name'] ) ); if ( $author_id ) { $query_vars['author'] = $author_id; unset( $query_vars['author_name'] ); } } return $query_vars; }
Hook into the author_link:
add_filter( 'author_link', 'themename_author_link', 10, 3 ); function themename_author_link( $link, $author_id, $author_nicename ) { $author_nickname = get_user_meta( $author_id, 'nickname', true ); if ( $author_nickname ) { $link = str_replace( $author_nicename, $author_nickname, $link ); } return $link; }
You must log in to post a comment.