I’ve noticed with this theme that it is possible by default to see all posts by a given author by clicking on the author’s name. While that is a useful function, if you click on it, you are taken to a URL http://sitename/author/username where username is the WordPress username of the author. This reveals that username to anyone crawling your site, which exposess that username to password cracking. It would be far better if the URL generated did not contain the username string, just some other identifier that would accomplish the same thing without the additional exposure.
Thanks,
Bill
Hi Bill,
That’s actually standard WordPress functionality. If you would like to disable it, consider using this plugin.