Not sure if this is spam or not, but you are in control of your username when you register. Register with a name that you are comfortable sharing with the world.
In fact, if I delete this one post, no one will ever know there is a profile here for you unless they can guess the name.
I think they mean where the admin is hidden on a system so the account is not a target to get hacked.
On each post, bbpress shows your level.
You can just create a different account to post with and another to administrate.
I mean like on this page: https://bbpress.org/forums/profile/chrishajer
Your username to login is chrishajer ? Just want to be able to disable the visibility of the “username” as I feel this compromises security a bit.
Ah you mean you want to work under the display name in 1.x
The problem is the user functions in bbpress work with user login or the user id.
Security via obscurity never works for long.
But you’re probably working under user id # 1 which is also a potential security issue as it gives hackers a target.
Just want to be able to disable the visibility of the “username” as I feel this compromises security a bit.
You can hide it with a plugin but the user login is still in the URL:
bbpress.org/forums/profile/chrishajer
With a plugin of mine you can hide profile pages but it hide the entire page. Or in other words it spawn an error page with a custom message. I don’t think this is what you need.
How is this a security concern? I don’t get it.
It’s a point of attack.
The idea of hiding the user id or user login for admin is an old security suggestion that is still around.
Because like wordpress there is no limit of password attempts, someone can do a dictionary attack against the user name or knowing the id they can try to find holes in the API.
So by hiding it, it’s just a little harder.
IMHO this would be not worth the effort and break too many things.
I get it now: half the access information, i.e. the username. The password being the other half. Rather than break things, I’d probably lock down bb-admin using some of the WordPress security tips.
I’d venture a guess that 99% of the WP security violations over the years have not been via login hacks. There are plenty of other ways to get in.
They don’t even bother to protect the file that contains the MySQL password in plain text!
