Option to hide username? (@username)

#1 · April 2, 2019, 1:57 pm

Hi,

I’d like to know if it’s possible to hide the wp username from showing up next to the public name. This introduces an attack vector I believe, as it reveals and admin username which can then be used to brute force. I’ve experienced such an attack and I figure the forum is the only source that reveals the username.

Thanks!

#2 · April 2, 2019, 2:27 pm

Hello @oneninetyeight

The unique username is necessary for the mentioning functionality. You can disable the mentioning functionality in Forum -> Settings so its not shown anymore.

If you want to support the development of Asgaros Forum, you can leave a good review or donate. Thank you very much!

#3 · April 17, 2019, 5:09 pm

Thomas, hello! Please tell me in more detail how to disable the display of @username? Could not find in the settings of the forum. This is a big security issue on the site.

Still. On the forum in the settings, you can choose the path to the user profile “slug” or “ID”. In the case of “slug”, it is possible to understand how the user logs into the forum. It is advisable to add the third option “nickname”:
Suppose I register under the login “Sergey Erenbur”, choose a nickname under which I want to write on the forum “Erenbur”. It is necessary that the profile path was /profile/erenbur
Then the potential site cracker will not know that the user logs in with the “Sergey Erenbur” login.

#4 · April 17, 2019, 9:37 pm

Hello @erenbur

You can disable displaying this information by disable the mentioning-functionality in Forum -> Settings -> Notifications -> Enable Mentioning.

Unfortunately, using a nickname for the mentioning-functionality or the URL is not working:

A nickname is optional
A nickname is not unique which means that multiple users can choose the same nickname (e.g. Thomas Mueller and Thomas Schulz both can choose Tom as their nickname)

So in case the nickname Tom would be used for the URL, it would be impossible to determine which profile should get opened.

If you want to support the development of Asgaros Forum, you can leave a good review or donate. Thank you very much!

#5 · April 17, 2019, 10:16 pm

Thank! It is necessary to output a profile through ID.

#6 · April 17, 2019, 10:34 pm

Appeal to the user can be implemented as PHPbb was done. When you click on the nickname opens a small menu:
Contact by nickname
Send private message
Go to profile

I did this in one forum: https://mosmasterremont.ru/forum/viewtopic.php?t=718

Uploaded files:

riz has reacted to this post.

#7 · April 19, 2019, 9:39 am

teeest

#8 · April 19, 2019, 9:41 am

teesssttt with image

sss

Uploaded files: