Automated programs, commonly referred to as hacker bots, continuously search websites to uncover author usernames by utilizing author IDs.
This method allows them to obtain author usernames effortlessly. Once received, these usernames can be used to gain unauthorized access to the website’s dashboard through the login form.
What is Author Path and Author ID in WordPress?
For example, if your WordPress site’s domain is “domain.com” and an author with the username “john” has contributed articles, the author path might look like this:
Default Author Path: https://domain.com/author/john/
Visiting this URL would take users to a page displaying all of John’s published posts and any additional information about him.
WordPress uses this ID internally to differentiate between users and assign permissions. Every user, including administrators, is assigned a specific numeric ID.
For instance, if John has an Author ID of 5, the URL to his author page might also include the Author ID in this format:
Author Path with ID: https://domain.com/?author=5
Why is it essential to secure the Author Path?
Think of your WordPress website as a digital castle. Inside this castle, there are rooms for different authors who create content. Each author has a special name (like a username) and a secret number (like a code) that lets them in.
But, there are some sneaky characters outside who want to find out these secrets. They can use tricks to guess the author’s name and secret number. If they succeed, they can try to break into the castle and cause trouble.
Now, imagine if the castle had secret doors with names written on them and secret codes displayed. The sneaky characters could quickly discover who lives where and which code opens each door.
That’s similar to what happens with author paths and IDs in WordPress. By default, WordPress shows the author’s name and secret number in the web addresses, making it easier for sneaky characters (hacker bots) to guess and cause problems.
But, here’s the important part:
If you hide the author’s name and secret number (path and ID), the sneaky hackers get confused. They can’t guess who lives where or which code opens the doors.
This is super important because it keeps your website safe. Hackers can’t easily guess author names and IDs, so they can’t make brute-force attempts.
Overall, securing author paths and IDs is integral to maintaining the security, integrity, and privacy of your WordPress website and its users.
How to Secure Author Path with WP Ghost
To enhance security, modify the author’s path using the WP Ghost Plugin. By following these steps, you can strengthen the security of your WordPress website and prevent unauthorized access by hacker bots.
Activate Safe Mode or Ghost Mode
Begin by activating Safe Mode or Ghost Mode to open the path customization process.
- Access your WordPress dashboard after installing and activating the WP Ghost plugin.
- Select Safe Mode or Ghost Mode. Safe Mode provides basic protection, while Ghost Mode offers more advanced security features.
Change Author Path
Now, let’s transform the paths that guide hackers through your castle’s halls:
- Go to WP Ghost > Change Paths > User Security.
- Click the Save button to apply the changes.
Note: Some profile plugins and themes rely on the author path for user portfolios and customized profile pages. If the author’s path is modified, these functionalities might malfunction.
If you encounter such issues, you can revert to the default path. Remove the custom author path and use the default path instead.
Hide Author ID URL
To disable the author ID calls, follow these steps
- Go to WP Ghost > Change Paths > User Security.
- Click the Save button to apply the changes.
Usually, when someone enters a URL like https://domain.com/?author=1 on a WordPress site, they are automatically redirected to https://domain.com/author/username/. Here, “username” is the author’s login name associated with an ID of 1 (usually the admin user).
By activating the option Hide Author ID URL, URLs like domain.com/?author=1 will no longer reveal the user’s login name.
Run a Security Check
After saving your changes, it’s essential to run a security check to verify that the paths are hidden and secured.
Conclusion
You’ve successfully strengthened the security of your WordPress website by making strategic adjustments to author paths and IDs. These modifications are essential for preserving the privacy, integrity, and overall security of your online platform.
Remember that cybersecurity is an ongoing commitment. Regularly revisiting these steps and staying informed about evolving security practices will help you stay one step ahead of potential vulnerabilities.
Troubleshooting
Author Pages or Profiles Are Not Accessible After Changing the Author Path
Clear cache
Clear the cache of your cache plugin and your browser to ensure you see the latest changes. Cached pages might still have the old author paths stored, causing issues.
Check the custom author path
Double-check the custom author path you’ve set to ensure it has been entered accurately and without any typos.
Permalink settings
Go to your WordPress dashboard, navigate to Settings > Permalinks, and click Save Changes to refresh the permalinks. This action can sometimes help resolve issues related to URL structures.
Revert to default path
Delete the custom author path temporarily to see if the accessibility issue is related to it. If the default path works, there might be a compatibility issue with other plugins.
However, the root cause is often server configuration, especially if the rewrite rules haven’t been correctly applied. It’s essential to follow the instructions in WP Ghost according to your server type and ensure proper configuration.
Some Author Links Are Broken After Changing the Author Path
If you’ve noticed that some of your links are broken or directing you to the wrong destinations after modifying the author path, there might be an issue with the permalink structure. When you change the author path, the URLs associated with author profiles and pages are also altered. This can lead to incorrect links and broken navigation.
Solution:
Clear Cache
If you have a cache plugin or use server caching, clear all the cache, as the change of paths has significantly changed the website’s structure.
Update permalinks
Go to your WordPress dashboard, navigate to Settings > Permalinks, and click Save Changes to refresh the permalinks. This action can sometimes help resolve issues related to URL structures.
Check for hard-coded links
If you’ve manually added author links within your content or theme files, update them to reflect the new author path.
After applying these steps, your links should lead to the correct destinations, and the issue of broken or incorrect links should be resolved.
Some Contributors or Users Have Difficulty Accessing their Profiles after Changing Author Path
After making changes to the author path, contributors or users might encounter problems accessing their profiles or features related to authorship. This can happen if the modified author path conflicts with the URLs or settings associated with their profiles.
Communicate changes
Inform your contributors and users about the recent changes you’ve made to the author’s path. Let them know they might need to adjust their URLs or bookmarks to access their profiles.
Check URLs
Contributors and users should use the correct URLs to access their profiles. If the author’s path has been modified, they might need to update their bookmarks or saved links.