Skip to:
Content

BuddyPress.org

Opened 7 months ago

Closed 2 months ago

#9296 closed enhancement (maybelater)

Username exposed in members url

Reported by: aboutm2's profile aboutm2 Owned by:
Milestone: Priority: low
Severity: major Version: 14.3.2
Component: Members Keywords: has-privacy-review
Cc:

Description

profile URL structure is typically /members/[username]/, where [username] is the user's username.

Username is sensitive information and exposing it is a security risk.

Could the profile url structure be reconsidered?

For example use [user_id] as a long, randomly generated, non-sequential string (a UUID or GUID, e.g., a1b2c3d4-e5f6-7890-1234-567890abcdef

Change History (3)

#1 @dcavins
7 months ago

Thanks for creating this ticket. I am not sure that usernames are generally considered sensitive (thinking of other social networks like twitter and facebooks that use the same URL structure, like https://x.com/username/), so would not be in favor of obfuscating them by default--since connections are the whole point of BP.

Have you considered checking the "private community" option on your BuddyPress site and putting the members area completely behind a login fence?

Thanks!

#2 @joelkarunungan
7 months ago

Totally understand the comparison with platforms like Twitter or Facebook. However, many modern platforms now allow user-controlled handles that are distinct from login IDs. In BuddyPress, since user_nicename is used for both the public profile URL and @mention handle, and it's auto-derived from user_login, there's currently no way to decouple the two — and that’s where the privacy concern arises.

Even if usernames aren’t always considered sensitive, it would be helpful if:

  • The user_nicename could be editable by the user or admin — similar to how social platforms let users set their public-facing handle.
  • There was an option to allow a custom alias or slug override, separate from login credentials.

Understandably, changing user_nicename could break existing links or mentions, so perhaps a redirect mechanism or canonical mapping could address that.

Not advocating for UUIDs or hashes in URLs, but for flexibility, especially for communities that want user-friendly URLs without exposing login IDs.

Appreciate the continued work on BuddyPress. Just hoping it evolves toward a more decoupled and privacy-aware identity system in the future.

#3 @espellcaste
2 months ago

  • Component changed from Core to Members
  • Milestone Awaiting Review deleted
  • Priority changed from high to low
  • Resolution set to maybelater
  • Status changed from new to closed

I agree that this is not a privacy concern. We also don't have plans, right now, to bake this feature request into the plugin. I'll resolve this as maybelater.

Note: See TracTickets for help on using tickets.