Free WordPress Plugin to hide usernames in author pages URLs for enhanced security.
WordPress automatically creates a page for each author (of course this are no physical pages, they are generated at runtime). There is a slight security risk with the URLs generated from WordPress for these author archive pages.
By default the URL of the author archive page on a WordPress site is
slug is a hidden field you cannot access in the user settings. When creating a new user WordPress sets the slug to a URL-friendly version (no blanks, no special characters) of the username (e.g. if your username is “My Name” the slug would be “my-name” – same behavior as the post slug used in permalinks).
The username is needed to login into WordPress. In other words the author archive page URL betrays half of the information you need to acces the WordPress backend. The login names from all your users are publicly visible.
To avoid this risk the smart User Slug Hider Plugin changes all author page URLs from e.g.
www.example.com/author/admin to a 16 digits coded strings like
www.example.com/author/e9e716def73f76ac. The codes are generated automatically and its impossible to make conclusions about the user names. The WordPress default URLs will cause a 404 (not found) error.
There are no settings and no need to change anything. The plugin does not make any changes to your database. The URLs are created on runtime. Deactivating the Plugin restores the default WordPress behavior.