A simple proposal to improve safety

[jml-french]

When an author creates a post, his login appears. This poses a security problem because it is then only necessary to find the password to log in.
It would be nice to be able to use an alias that would be used instead of the login when posting.

[Docfips]

Or an option to just turn that function off would be nice. I know there are others who use these for multiple people, but this is just me. I don't need that lol

[KuJoe]

I'm trying to think of a good way to implement this but without using a database I can't come up with a proper method other than checking every user file manually on login. If anybody has any ideas I'm all ears. 😊

I would definitely recommend enabling MFA and CAPTCHA for enhanced security to reduce the risk for brute force attacks.

[Joduai]

It's just about showing user's nick instead of his login name across different types of pages on website.
user.ini files in /config/users path could just have additional "nick=username" during creation, and a possibility to change it.
Once nick is set manually, then it would be used instead of user's login name.

ps. I secured login/admin path with apache's htpasswd additionally as I'm not fond of using G or CF captchas.

[danpros]

With the current htmly so that the username is not exposed can be done quite easily.. Simply by changing it via theme. Example from blog theme:

<span itemprop="author"><a href="<?php echo $p->authorUrl;?>"><?php echo $p->authorName;?></a></span>

Remove the anchor tag:

<span itemprop="author"><?php echo $p->authorName;?></span>

The $p->authorName; is taken from the title when we edit our profile.

To remove the author link from the sitemap, go to admin/config/metatags. Find sitemap.priority.author and set it to -1 to disable it.

Edit: so the title is the alias.

[Joduai]

ohhh so it's already there
Just a hidden feature.

btw. is changing user login possible in admin panel?
Or only through manually changing user.ini filename in /config/users along with /content/username dir?

[danpros]

We can't change the username using admin panel. We need to edit the username.ini and content/username manually and clear the cache or simply delete the index, page, widget folder inside the cache folder.

[KuJoe]

Oh I was looking at how to remove the username from the profile URL (/author/USERNAME) but I guess disabling that page would do it. :)

[danpros]

@KuJoe ya it still available/accessible somewhere but as long as we don't expose it should fine 😄