Category: WordPress Core

Posted on

Customize the WordPress author slug without a plugin

The author slug in WordPress is the ‘pretty link’ you can use to access the archive page of posts published by a specific user account.

To give you an example, https://obijuan.dev/author/obijuandev.

If you visit that link, you’ll get all posts created and published by my user account here on my website.

By default, WordPress gives you the author slug composed of the ‘author’ keyword followed by the account’s nicename. In most cases, this nicename can lead to a very easy guess of the actual username associated with the account, leading to potential security threats.

As a security measure, it is convenient to change this nicename to something else.

The most ‘straightforward’ method would be to change the nicename value directly in the database record for the user account.

However, in an ideal scenario, you should really not mess with the WordPress database. Even as a developer, you should keep the WordPress database intact as much as possible.

So, what other option do you have to customize the WordPress author slug?

You can leverage the power of hooks to mask the author’s nicename, hence changing the author slug with a custom name.

The main benefit of this approach is that it will protect the username from any potential attackers from knowing your account’s username.

The reasoning behind this is that attackers can use the account’s username in an attempt to crack your account’s password and gain admin access to your website.

So, how do you change the author slug in WordPress?

Let’s draw a few logical steps you can take advantage of to achieve the proposed outcome:

You need to indicate what user you will change the author slug for and the custom name you’ll replace the author slug with. You can store these in variables; please see the example below:

$specific_user = 'obijuan';
$custom_slug = 'obijuandev';

Use the author_link filter to change how WordPress links to the author’s page.

The author_link filter by default uses three parameters. For this example you only need to leverage two of those, $link and $author_id.

The first one gets the current author link value, while the other literally gets the author ID.

You also need to pass your $custom_slug and $specific_user to use the assigned values in the function’s logic.

Retrieve the user data with the get_userdata() function. This will bring the user object for a specific account.

Check if the user_login property matches the $specific_username, then build a ‘new link’ by replacing the selected account’s nicename with the $custom_slug.

add_filter('author_link', function ($link, $author_id) use ($custom_slug, $specific_username) {
    $user_info = get_userdata($author_id);
    if ($user_info->user_login == $specific_username) {
        $link = str_replace($user_info->user_nicename, $custom_slug, $link);
    }
    return $link;
}, 10, 2);

More information about the author_link filter can be found in the WordPress Code Reference: https://developer.wordpress.org/reference/hooks/author_link/.

Redirect visitors to the correct author’s page.

WordPress needs to know where to redirect the user when clicking a link with the new author slug.

You can add a rewrite rule to tell WordPress where to redirect the user.

add_rewrite_rule(
    'author/' . $custom_slug . '/?$', 
    'index.php?author_name=' . $specific_username,
    'top'
);

Lastly, ensure WordPress recognizes the new query variable.

add_filter('query_vars', function($vars) {
    $vars[] = 'author_name';
    return $vars;
});

To make the code work, wrap it around a function and hook that function into the init WordPress hook.

/*
* Snippet: Customize the WordPress author slug without a plugin.
* Author: Obi Juan.
* Author URI: https://obijuan.dev
* Explanation: https://obijuan.dev/customize-the-wordpress-author-slug-without-a-plugin/.
* Version: 1.0.0
* Publish Date: September 28th, 2023.
*/
function custom_author_slug() {
    // Set your custom slug and specific username here.
    $custom_slug = 'custom-slug';
    $specific_username = 'specific_username';

    // Customizing the author link.
    add_filter('author_link', function ($link, $author_id) use ($custom_slug, $specific_username) {
        $user_info = get_userdata($author_id);
        if ($user_info->user_login == $specific_username) {
            $link = str_replace($user_info->user_nicename, $custom_slug, $link);
        }
        return $link;
    }, 10, 2);

    // Adding a rewrite rule for the custom slug.
    add_rewrite_rule(
        'author/' . $custom_slug . '/?$', 
        'index.php?author_name=' . $specific_username,
        'top'
    );

    // Ensure WordPress recognizes the new query variable.
    add_filter('query_vars', function($vars) {
        $vars[] = 'author_name';
        return $vars;
    });
}
add_action('init', 'custom_author_slug');

Add the final version of the code to your theme’s functions.php file.

You can add it to your favorite code snippet plugin alternatively.

The third option is to create a small utility plugin to hold your code.

NOTE: The author slug will not change until you flush your Permalinks. To flush the Permalinks, in the WordPress admin go to SETTINGS > PERMALINKS, scroll down the page, and click the blue ‘Save’ button.

Over to you.

Let me know how it goes in the comments, whether you encounter any issues, if it works flawlessly on the first try (hopefully), or if you have any questions.

Posted on

In WordPress I’d change…

Sometimes I see people get asked what would you change about WordPress CMS?

I have not been asked this yet, but if I were asked, first, I’d change how notifications are displayed to admins.

This is a problem that has existed for years, and nowadays, notifications have lost their real purpose.

Notifications in the core are useful when there is a major update of a plugin, and you need to update the database structure.

Or you purchased a theme and need to finish the setup.

In recent years, more plugins have abused the WordPress admin notifications to make a sale.

There are examples that come to mind, but I don’t want to point to anyone specifically.

You see long-form notifications asking for a review or to purchase a paid version of the plugin.

And they keep nagging you through the WordPress Dashboard, some even making it difficult to permanently dismiss the notification.

So, the change would consists in 1) Penalize plugins/themes that blatantly abuse the admin notifications and 2) Set a new place for notifications to show. Instead to be displayed at the top of the main content body in the WordPress admin area, add a drop-down to the WordPress Admin Bar and display the notifications in an auto-hiding div element. If the drop-down is not hovered, then no notifications are displayed.

The plugins page needs a change too. I’ll talk about that in another post.

Posted on

Determining the WordPress active theme when you can’t access the dashboard.

There are times that you cannot access a WordPress website at all. White Screen, Fatal Errors, you name it.

You can access via FTP and disable plugins by renaming the plugins folder. The same with the themes.

However, from outside of the WordPress Dashboard you cannot really tell what is the active theme.

If you have hosting access, go to the databases, and enter phpMyAdmin. Locate the site’s database.

Go to the wp_options table.

Navigate through the registries until you find a row with the option name set as ‘template’.

In the option_value column, you’ll see the name of the theme in question.