I recently started getting site lockout notifications for my username, which I have kept hidden for years, for security reasons, by modifying the author byline links and redirecting people to my “About” page.
As I’m the only author on the site in question, and have no intention of adding other users for the purposes of writing blog posts, removing my username from all of the public-facing content on my site won’t cause me any problems.
The Problem: Usernames Being Exposed in Comment Classes
After doing a custom text search of my site for my username, I found it was being exposed in the classes for the user comments, something I hadn’t noticed before, with a class in the format:
comment-author-[myusername]
And some sharp spammer has been crawling my comments to try and find legitimate usernames to use against my site.
Darn it!
So, how to hide my username even further, away from the eyes of crafty spammers?
The code that adds the username class comes from the WordPress core, in the
\wp-includes\comment-template.php
file, inside the get_comment_class function.
Happily, there’s a filter at the end of this function that I could use to modify the list of classes being applied to each individual comment:
return apply_filters( 'comment_class', $classes, $class, $comment->comment_ID, $comment, $post_id );
The Solution: Create A Custom Function to Modify the Comment Classes
I cracked out PHP and hacked my way through creating a custom function to filter the comment classes on the way past, to specifically drop the class value in the classes array that includes the string ‘comment-author-‘.
This solution was a two-part one, because the function I needed to drop a specific element from an array – array_filter – required a callback function.
And as the array_filter function works by keeping any value when the callback returns true, I needed a negative function i.e. one that tests for something and only returns true when it doesn’t match, so that we get to keep all of the other class values.
Firstly, I created a function nhs_class_does_not_include_username that tested whether a string contained the target text ‘comment-author-‘, using strpos to capture the value of the target string position.
And to ensure that I was testing for a valid FALSE value for $pos (because sometimes it returns values that are not true positives ), I used the special === comparison operator.
So when the position is false, i.e. the string was not found, the function returns true, and otherwise returns false (i.e. the string was found so it DOES include the username).
function nhs_class_does_not_include_username( $value ){
$pos = strpos ( $value, 'comment-author-' );
if( $pos === false )
return true;
else
return false;
}
And then it was a matter of using this testing function to filter my array, by creating a second function nhs_modify_comment_classes to modify the comment classes:
function nhs_modify_comment_classes( $classes ){
$classes = array_filter( $classes, "nhs_class_does_not_include_username" );
return $classes;
}
And then finally I had to attach this filter function to the appropriate filter location in WordPress (as mentioned above):
add_filter( 'comment_class', 'nhs_modify_comment_classes', 10, 1 );
So, putting this entire solution together, here’s what we get:
// Remove username class from individual comments
function nhs_class_does_not_include_username( $value ){
$pos = strpos ( $value, 'comment-author-' );
if( $pos === false )
return true;
else
return false;
}
function nhs_modify_comment_classes( $classes ){
$classes = array_filter( $classes, "nhs_class_does_not_include_username" );
return $classes;
}
add_filter( 'comment_class', 'nhs_modify_comment_classes', 10, 1 );
And now all I have to do is change my username across all of my content.
Hmmph!
So now you can also add this code to your theme’s custom functions.php file and stop your username being exposed to spammers through the comment classes.
Happy coding!
And as always, please leave any questions or suggestions in the comments below.
Note: I am not available to provide individual support with implementing this code unless you wish to pay me a boatload of cash. Making it work for your site is up to you.
