<?php
/**
* Plugin Name: User Security
* Description: Hides login errors, disables author archives (to hide usernames), changes author links to title => sitename / URL => homepage
* Version: 1.0.1
* Author: James Morrison, Edd Hurst
* Author URI: https://james.morrison.me/
*/
/**
 * Direct-access guard.
 *
 * ABSPATH is only defined once WordPress has bootstrapped. If it is missing,
 * this file was requested on its own, so stop before any hook is registered.
 *
 * @since 1.0.0
 */
defined( 'ABSPATH' ) || exit;
/**
 * Drop the core users REST routes so accounts cannot be listed through the REST API.
 *
 * Only the two route keys below are removed, and they are removed for every
 * request, authenticated or not.
 * NOTE(review): anything that relies on these routes while logged in (the
 * block editor's author selector, presumably) loses them too - confirm that
 * is acceptable for the site. Author slugs may also be exposed by surfaces
 * this filter does not touch; audit those separately.
 *
 * @since 1.0.1
 *
 * @param array $endpoints Registered REST routes, keyed by route pattern.
 * @return array The same map without the users collection and single-user routes.
 */
add_filter(
	'rest_endpoints',
	function( $endpoints ) {
		$user_routes = array(
			'/wp/v2/users',
			'/wp/v2/users/(?P<id>[\d]+)',
		);

		foreach ( $user_routes as $route ) {
			if ( isset( $endpoints[ $route ] ) ) {
				unset( $endpoints[ $route ] );
			}
		}

		return $endpoints;
	}
);
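/**
 * Cancel the canonical redirect for author requests.
 *
 * Without this, ?author={ID} is redirected to the "pretty permalink"
 * /author/{username}, and the redirect target itself discloses the author slug.
 *
 * @since 1.0.0
 *
 * @param string $redirect_url  URL WordPress intends to redirect to.
 * @param string $requested_url URL that was requested (not used here).
 * @return string|false False to cancel the redirect, otherwise $redirect_url unchanged.
 */
add_filter(
	'redirect_canonical',
	function( $redirect_url, $requested_url ) {
		// empty() keeps the original handling of a missing, blank or "0" parameter.
		$author = empty( $_GET['author'] ) ? '' : wp_unslash( $_GET['author'] );

		// The parameter can arrive as an array (author[]=1); reject anything that is
		// not a string before matching. This is validation, not output, so the value
		// is matched as-is rather than being passed through an output escaper.
		$numeric_author = is_string( $author ) && 1 === preg_match( '|^[0-9]+$|', $author );

		if ( is_author() || $numeric_author ) {
			return false;
		}

		return $redirect_url;
	},
	1,
	2
);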
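/**
 * Serve the 404 template, with a 404 status, instead of the author template.
 *
 * @since 1.0.0
 *
 * @param string $template Path of the template WordPress selected.
 * @return string The 404 template for author requests, otherwise $template unchanged.
 */
add_filter(
	'template_include',
	function( $template ) {
		// empty() keeps the original handling of a missing, blank or "0" parameter.
		$author = empty( $_GET['author'] ) ? '' : wp_unslash( $_GET['author'] );

		// The parameter can arrive as an array (author[]=1); reject anything that is
		// not a string before matching. This is validation, not output, so the value
		// is matched as-is rather than being passed through an output escaper.
		$numeric_author = is_string( $author ) && 1 === preg_match( '|^[0-9]+$|', $author );

		if ( is_author() || $numeric_author ) {
			// Send the status code as well, so the response is a real 404 and not a 200 with a 404 body.
			status_header( 404 );

			return get_404_template();
		}

		return $template;
	},
	1,
	1
);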
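/**
 * Use Yoast's configured 404 title on author requests instead of the author page title.
 *
 * The title is only replaced when Yoast's wpseo_replace_vars() is available and
 * the 'wpseo_titles' option holds a 404 title template; otherwise the incoming
 * title is returned untouched.
 *
 * @since 1.0.1
 *
 * @param string $title Title produced by Yoast for the current request.
 * @return string The 404 title for author requests, otherwise $title unchanged.
 */
add_filter(
	'wpseo_title',
	function ( $title ) {
		// empty() keeps the original handling of a missing, blank or "0" parameter.
		$author = empty( $_GET['author'] ) ? '' : wp_unslash( $_GET['author'] );

		// The parameter can arrive as an array (author[]=1); reject anything that is
		// not a string before matching. This is validation, not output, so the value
		// is matched as-is rather than being passed through an output escaper.
		$numeric_author = is_string( $author ) && 1 === preg_match( '|^[0-9]+$|', $author );

		if ( ! is_author() && ! $numeric_author ) {
			return $title;
		}

		$seo_titles = get_option( 'wpseo_titles' );

		// Guard the option's shape: it may be absent, not an array, or lack the 404 template key.
		if (
			function_exists( 'wpseo_replace_vars' )
			&& is_array( $seo_titles )
			&& isset( $seo_titles['title-404-wpseo'] )
		) {
			$title = wpseo_replace_vars( $seo_titles['title-404-wpseo'], '', array() );
		}

		return $title;
	}
);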
/**
 * Point every author link at the site homepage.
 *
 * @since 1.0.0
 *
 * @param string $link            Original author archive URL (ignored).
 * @param int    $author_id       Author ID (ignored).
 * @param string $author_nicename Author slug (ignored).
 * @return string Escaped homepage URL.
 */
add_filter(
	'author_link',
	function( $link, $author_id, $author_nicename ) {
		// None of the arguments are used, so nothing author-specific reaches the output.
		$home = home_url( '/' );

		return esc_url( $home );
	},
	1,
	3
);
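/**
 * Replace the author posts link with a link to the homepage labelled with the site name.
 *
 * @since 1.0.0
 *
 * @param string $link Original author posts link markup (ignored).
 * @return string Anchor markup pointing at the homepage.
 */
add_filter(
	'the_author_posts_link',
	function( $link ) {
		$site_name = get_bloginfo( 'name' );

		// Escape per context at the point of output: the site name lands in both an
		// attribute and element text, and should not be trusted to be markup-safe.
		return sprintf(
			'<a href="%1$s" title="%2$s">%3$s</a>',
			esc_url( home_url( '/' ) ),
			esc_attr( $site_name ),
			esc_html( $site_name )
		);
	},
	1,
	1
);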
/**
 * Replace login error text with a single generic message.
 *
 * By default the error message gives away whether the username was correct
 * (and therefore only the password was wrong). The callback takes no
 * arguments, so whatever text is passed through this filter is discarded and
 * replaced, not just the username/password messages.
 *
 * @since 1.0.0
 *
 * @return string The generic error message.
 */
add_filter(
	'login_errors',
	function() {
		$generic_message = 'You have entered an incorrect username or password.';

		return $generic_message;
	},
	1
);