Author page shows user login ID - security concern

If I click on the author name of a post, it takes me to a page that lists all the posts by that author. The URL of that page is :

That login ID could be used for brute force attacks, and generally good practice would be to avoid displaying this. Would it be possible in a future update of the theme to change the URL to be:

Meaning, use the actual name (alias) that readers see on the site, rather than the wordpress loginID.


Also, if i google my domain name, that author page that contains my loginID comes up in the search results. So there are potentially two ways a hacker could get my loginID.

Hi @metallikat36,

I hope you are well today and thanks for posting here.

The default WordPress themes like Twenty Sixteen theme also uses the same functionality so i don’t think it’s security concern.

Read more information about it here

Best Regards,