ThemeShaper Forums » Thematic


Security Threat added by Thematic to author

(1 post)
  • Started 9 years ago by wprunner
  • This topic is not resolved
  1. wprunner


    When an Author/Admin comments on a post, Thematic puts the author username in the class of the comment.

    For example, if the user is "admin" , a class is added to his comment as "comment-author-admin".

    Many users change the name of the WordPress Admin user name from the default to something that is not easy for others to guess or crack. This adds a layer of security. Unfortunately, Thematic reveals this username in comments classes. So for example, if someone changed it to "secretadmin" the class will show as comment-author-secretadmin.

    I didn't see this in the class TwentyTen theme, only with Thematic.

    Please fix this security problem.


    Posted 9 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.