[wp-hackers] Maybe a secure-hole

Otto otto at ottodestruct.com
Thu Oct 9 20:43:15 GMT 2008

On Thu, Oct 9, 2008 at 2:47 PM, Jeremy Clarke
<jer-wphackers at simianuprising.com> wrote:
> So: it would be really nice if the author urls were
> editeable/choosable or if they just used display_name instead of login
> name for both potential security benefits and because it would be
> aesthetically pleasing. It really is weird to click on a link with a
> name on it and come to a url with the person's weird internet alias.

It was pointed out that it actually uses the user_nicename field,
which is the sanitized version of the user_login field. Change the
nicename = change the URL. Nicename is not editable anywhere though.

> Why not just use a lowercase url-ized version of display name for
> author urls?

You could use the pre_user_nicename filter to change it to something else:

function change_nicename($nicename) {
return sanitize_title($_POST['display_name']);

> Last thing: Why is there no permalinks field for the author base?

It's there, just has no option in the admin menus to edit it. Just
change the global $wp_rewrite->author_base to whatever you want it to


More information about the wp-hackers mailing list