Recently, as in very recently, as in today, I realized links to my blog posts where I was the author (aka Permalink Structure) were actually showing my WordPress login user name. I have been a big WordPress fan since its inception and the fact that I overlooked this was a little annoying. What you’re essentially doing is telling hackers “Hey here is my login user name, now just guess my password”. As it turns out, many WordPress users have the same issue.
So what does a permalink have to do with a Slug?
A slug is basically the part of the permalink that specifies what post or page the website content is linked to. In my case my slug was actually my login user name.
Oh no he didn’t, Oh yes he did!
For whatever reason WordPress’s default structure for authors is http://example.com/author/username/. This means if you do nothing and create blogs with your author name displaying for the article, a reader can click on your name and see your username in the URL. That isn’t great security for your website. You are basically giving up half your login information.
I decided to see who else might be making this mistake.
It’s hard to tell if Moz is setting up their Author Permalink structure correctly or not, but it does appear to at least show the User ID, which may or may not be a vulnerability. That said, the URL structure isn’t friendly and I would advise them to make changes to it. For Rand’s blogs I would advise a URL that looked like https://moz.com/author/Rand-Fishkin or something nicer. It could be they are bumping into issues with whatever they are using for their Authorship Permalinks.
Search Engine Land
Search Engine Land has the URL structure setup correctly and has removed the actual user name from the URL.
Backlinko interestingly enough doesn’t have links to Author pages. I am not sure what the rationale is, but it is a bit different.
Gotch SEO is another site that has their author setup correctly.
How To Fix The Author Permalink Issue / Author Slug Settings
Fortunately WordPress has a plugin called “Edit Author Slug”. What this program allows you to do is change the URL structure for Authors to something less vulnerable.
For Hang Ten SEO, I simply went with my full name.
Once the plugin is installed, you have essentially 3 options for how you want your URL to look.
- Author base – You can replace “Author” with whatever name you wish. I kept Author for my website, but if you wanted to have it say “SEO Guru” or something else, you could.
- Author Slug Structure – You also have the ability to choose the Author slug. I chose display name, which matches what shows up on an article.
- Bulk Update – Author Slug – Lastly if you need to update your entire user list there is a Bulk Update section. Again I chose to use “Displayname”.
Once you have made your choices you are good to go and you no longer have to worry about your user name being displayed.
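To confirm the change took effect for every account, here is an added example (not part of the original post or the plugin) that audits a user export and lists authors whose slug still matches their login. It assumes a CSV in the shape of `wp user list --fields=user_login,user_nicename,display_name --format=csv`, the default `/author/` base, and an approximation of how WordPress turns a login into a slug; the sample rows are constructed.

```python
import csv
import io
import re
import unicodedata

# Constructed sample rows, in the shape of
# `wp user list --fields=user_login,user_nicename,display_name --format=csv`.
SAMPLE_EXPORT = """\
user_login,user_nicename,display_name
tom_admin,tom_admin,Tom Example
jane.doe@example.com,jane-doeexample-com,Jane Doe
editor01,sam-writer,Sam Writer
Guest Author,guest-author,Guest Author
"""


def login_slug(login: str) -> str:
    """Approximate the slug WordPress derives from a login by default (assumption)."""
    text = unicodedata.normalize("NFKD", login)
    text = text.encode("ascii", "ignore").decode("ascii").lower()
    text = text.replace(".", "-")              # dots become hyphens
    text = re.sub(r"[^a-z0-9 _-]", "", text)   # other punctuation (e.g. @) is dropped
    text = re.sub(r"\s+", "-", text)           # spaces become hyphens
    return re.sub(r"-+", "-", text).strip("-")


def exposed_authors(export_csv: str) -> list[dict]:
    """Return rows whose author slug is still the login name or its default slug."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login, slug = row["user_login"].strip(), row["user_nicename"].strip()
        # A display-name slug does not help when the display name IS the login
        # (the "Guest Author" row), so compare against the login in both forms.
        if slug.lower() in {login.lower(), login_slug(login)}:
            findings.append({"login": login, "slug": slug,
                             "url_path": f"/author/{slug}/"})
    return findings


if __name__ == "__main__":
    for f in exposed_authors(SAMPLE_EXPORT):
        print(f"{f['login']}: author URL {f['url_path']} still reveals the login")
```

An empty result means no author URL in the export is derived from a login name; any row it prints still needs its slug changed.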
Tom – you raise a very important point re WordPress. I’m amazed that there appears to be so little public concern around this. Does WordPress have plans to address?
Awesome content!! I am a big fan of your blogs. I’m a blogger & your information is much helpful for me. I can’t stop myself to comment on this keep posting 🙂 Thanks a lot