smart User Slug Hider

Description

The smart User Slug Hider Plugin hides usernames in Author Pages URLs to enhance Security

使用

本插件自动以16位代码串替换用户名。安装即忘。取消激活插件会恢复默认的 WordPress 配置。

为什么使用这个插件?

WordPress 的作者页面链接使用诸如example.com/author/name这样的形式,其中的name表示用户的登录名。

这意味着您网站的所有用户的用户名将公开可见,这是一个很大的安全隐患。

smart User Slug Hider插件将所有像example.com/author/john的作者页面链接变成类似example.com/author/e9e716def73f76ac的样式。

这个代码是自动生成的,且无法逆推出用户名。访问 WordPress 默认的 URL 将提示 404(未找到)错误。

也适用于 BuddyPress 会员页面。

未来验证模式

从 PHP 7.1 版开始,本插件过去用于加密的函数被标记为已弃用,您的服务器可能会显示一则 PHP 警告。如果激活未来验证模式,本插件将使用推荐替代的其他加密函数。

不幸的是,加密的结果并不会相同。这意味着如果激活了未来验证模式,则编码过的用户 Slug 将会发生变化。

如果您过去从未使用过本插件,十分建议激活未来验证模式。

如果您过去曾经使用过本插件,请注意激活未来验证模式将改变所有作者页面的 URL

从 PHP 7.2 版开始,旧的函数已经从 PHP 核心中被移除。mcrypt 扩展现在是非官方支持的 PECL 扩展。如果这个 PECL 扩展已在您的服务器上安装,这个旧的函数仍然可用,这种情况下激活未来验证模式不是必须的。

如果您在服务器上升级 PHP 到不含 mcrypt 扩展的 7.2 或更新版本,本插件将自动激活未来验证模式并且无法将其停用,否则 WordPress 将会崩溃。

但是,总有一天您将不得不激活未来验证模式

短代码

该插件添加了三个可在文章中使用的短代码:

  • [smart_user_slug] —— 文章作者个人资料页面的 user slug —— 例:e9e716def73f76ac
  • [smart_user_url] —— 文章作者个人资料页面的 url —— 例:example.com/author/e9e716def73f76ac
  • [smart_user_link] —— 添加一个通向文章作者的个人资料页面的链接

主题函数

本插件添加了两个可在主题文件中使用的函数:

  • get_smart_user_slug( $author_id ) 用来获取 the user slug for the author —— 作者的user slug —— 其中的 $author_id 参数是可选的, 如果省略,则获取当前文章的作者 ID 。
  • the_smart_user_slug( $author_id ) 用来显示作者的user slug —— 其中的 $author_id 参数是可选的, 如果省略,则显示当前文章的作者 ID 。

支持

Support Forum.

视频

How to easily close a HUGE WordPress Security Gap using the free Plugin smart User Slug Hider

Do you like this plugin?

I spend a lot of my precious spare time to develop and maintain my free WordPress plugins. You don’t need to make a donation. No money, no beer, no coffee. If you like this plugin then please do me a favor and give it a good rating. Thanks.

插件隐私信息

  • 本插件不设置 cookies
  • 本插件不会收集或存储任何数据
  • 本插件不会将任何数据传输到其他服务器上

Peters的插件隐私信息页面

ClassicPress

This plugin is compatible with ClassicPress.

来自 Peter 的更多插件

获取最新消息

在Facebook上关注我
YouTube 频道

Screenshots

  • 当使用 PHP 7.2 版(不含 mcrypt 的 PECL 扩展)时自动开启未来验证模式

FAQ

暂无

Reviews

2019年8月30日
I used to install "Edit Author Slug" in every one of my website, but I always wished for simpler settings. I love this "smart User Slug Hider" because it needs no configuration if you have installed WordPress in PHP 7.2 or newer. It has been working perfectly so far, and seems to be lightweight. I'd highly recommend this plugin over "Edit Author Slug" if there will be only one author in a website, because it is unlikely for viewers to bookmark the author archive page, thus the page doesn't need a comprehensible URL.
2019年10月20日
As a web developer I have many websites out there and recently a client's site was hacked into. The mess that resulted required a complete rebuild. I would not want to go through that again. I already use 'login limited reload' and 'two-factor' log in so I must be fairly safe but it was irritating me that hackers can so easily find a username. Not any longer thanks to this plug in. Just activate and you're there but don't forget to change your WordPress display name so it does not show your username in the source code. Thank you Peter. EDIT It pains me to have to reduce my five star review to one star but the fact is that this plugin no longer works but actually reveals the username. I've tried to get the author's attention with a support question but no reply within three days and I see no update to this plugin in the last six months. It's a shame because it did work very well indeed. I won't give exact details of how the name is revealed although I suspect any hacker worth his salt will soon determine the answer. I hope the author will read this and let me have an email address where I can forward full details to him.
2019年1月29日
I'm about to launch a BuddyPress network and want to comply with GDPR/DSGVO rules and user demands fo privacy as much as possible. This plugin is a must have! 1000 Dank.
2019年1月15日
Excellent! I've been wondering for ages about this issue! Now it's fixed!!
2018年12月16日
Not much more to say, it does exactly what it needs to do. In conjunction with Limit Login Attempts, keeps the 'bots and other casual pests at bay.
Read all 26 reviews

Contributors & Developers

“smart User Slug Hider” is open source software. The following people have contributed to this plugin.

Contributors

“smart User Slug Hider” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “smart User Slug Hider” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

3 (2018-12-31)

  • 未来安全模式(Future Safe Mode)更名为未来验证模式(Future Proof Mode)
  • 如果 mcrypt 不可用则自动开启未来验证模式
  • 核心优化
  • 用户界面优化
  • 调整了 manage_options 的性能以显示管理页面

2 (2018-03-14)

  • 未来安全模式

1.5 (2017-11-16)

  • WP 4.9 中的错误显示已修复

1.4 (2017-07-15)

  • 和 BuddyExtender 插件相关的修复

1.3 (2017-07-17)

  • BuddyPress 兼容性
  • 重新设计的管理界面
  • 核心优化

1.2 (2016-10-04)

  • 添加短代码
  • 添加主题函数

1.1 (2016-06-30)

  • 代码优化
  • 添加插件信息页面

1.0 (2014-10-02)

  • 初始版本