I noticed that when you click on the author’s name on wordpress that the url uses the user’s “slug” which makes me feel a bit iffy since there are a lot of hackers going about. So, I wondered how to avoid the “slug” on the url.
I was thinking at first if I could change the rewrite_rule but found if very difficult when trying to redirect the author template and then I found snippets by Jan Fabry while searching the internet for a solution.
It may be a few years old but it’s still better than nothing at all. I am currently using this function and hopefully, it’ll add some form of security and a piece of mind.
Changing the author URL:
add_filter( 'request', 'themename_author_request' );
function themename_author_request( $query_vars )
{
if ( array_key_exists( 'author_name', $query_vars ) ) {
global $wpdb;
$author_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key='nickname' AND meta_value = %s", $query_vars['author_name'] ) );
if ( $author_id ) {
$query_vars['author'] = $author_id;
unset( $query_vars['author_name'] );
}
}
return $query_vars;
}
Hook into the author_link:
add_filter( 'author_link', 'themename_author_link', 10, 3 );
function themename_author_link( $link, $author_id, $author_nicename )
{
$author_nickname = get_user_meta( $author_id, 'nickname', true );
if ( $author_nickname ) {
$link = str_replace( $author_nicename, $author_nickname, $link );
}
return $link;
}
You must log in to post a comment.