Reputation: 441
How to disable author query in WordPress
In wordpress, when you hit url like the following:
http://www.example.com/?author=1
If the author ID is valid then they will be redirected to the author URL, for example:
http://www.example.com/author/username
Then the hacker start attacking the username. How could I disable (?auther=xx) query in url?
for example redirect the request to another page like 404 (not found) page
Upvotes: 2
Views: 2492
Answers (2)
Reputation: 11
I believe that dingo-d has it right, above, referring to the 301 redirect. I have installed 301 redirects on several Wordpress sites to accomplish this. I redirect [domain]/?author=* with a wildcard to my 404 page. I have watched my activity logs before and after implementing this. The malicious login attempts immediately switch from valid user names to the generic "admin."
Upvotes: 1
Reputation: 3130
Add the following filter to your functions.php file;
add_action('template_redirect', 'disableAuthorUrl');
function disableAuthorUrl(){
if (is_author())) {
wp_redirect(home_url());
exit();
}
}
This will check all incoming requests to see if the page requested is an author page, and if so, redirect to the homepage, or wherever else you choose.
Upvotes: 0
Related Questions
- Wordpress and author__in
- Wordpress - How to disable all author link but keep name as text?
- Wordpress: Author page PHP If viewing xxxx author page show this xxxxx
- Wordpress author name hiding
- How to disable display of authoring information in drupal?
- WordPress - Only show authors with posts
- WordPress Query on Author.php not working
- get ONLY authors for wordpress blog
- Wordpress, List Authors and Exclude Admin
- How to turn off authoring information for a drupal page