Website Design Orlando

Responsive-Mobile design by Irina Blumenfeld

  • About
  • Services
    • Website Design
    • Local SEO
    • Digital Marketing
    • Website Care
  • Projects
  • Testimonials
  • Articles
    • Speaking
    • Tutorials
    • Resources
  • Support
  • Contact
  • Twitter
Home / Tutorials / How to hide author username in Beaver Builder Posts Module

How to hide author username in Beaver Builder Posts Module

Updated: June 26, 2019 //

WordPress Login ScreenI noticed that popular Beaver Builder plugin displays Author username in all websites built with BB. It’s not displayed right on the front of the website, but in HTML, as part of Google Schema. This provides username of every person who published a post. It also applies to Custom Post Types. Knowing the username makes hackers a whole lot closer to breaking in.
Security plugins do not prevent exposing author username, as it’s part of Schema.

To view it in Google Chrome browser, go to either a Blog post page or Blog Archive page. Right-click on the page and Choose Inspect. This will open Chrome Developer Tools. Search HTML (Ctrl+F on PC or Cmd+F on a Mac) for Author. You’ll likely see a line:
<div itemscope=”” itemprop=”author” itemtype=”http://schema.org/Person”>

Expand that and it will list:
<meta itemprop=”url” content=”urlofthewebsite/author/username/”>
<meta itemprop=”name” content=”Public Display Name“>

Also, you can search for class fl-post-author, and you’ll find:

<span class=”fl-post-author”>By <a href=”urlofthewebsite/author/username/”><span>Public Display Name</span></a></span.>

That’s another location that exposes username of the person who published a post.

Some people might say you can change Author Name in WP User Settings. You can only change Nickname, which is Public Display Name, but you cannot change username.

Knowing username is 50% of having access to the site.

Recently when WordPress released REST API in version 4.7, it also allowed username harvesting. Security plugins quickly fixed that, and WordPress team released a patch to fix that shortly after.

Until it’s fixed in Beaver Builder plugin, it’s possible to customize it in your own child theme.

You should always have a Child Theme where you make all modifications. If you make changes to the main Beaver Builder Theme, or to Beaver Builder Plugin files, then with the first update, all your changes will be overwritten.

Below are instructions on how to fix it, if you’re using Beaver Builder Posts Module. Post module allows displaying either blog posts or custom post types in different layouts. For example, if you have Custom Post Type “Portfolio”. You can display portfolio pieces in a Post Grid Module on Home Page. Or if you want to display the latest blog posts on home page, you can display them in a Post Module.

Remove Author Username from HTML:

Follow the steps to customize posts module in your child theme.

  1. Create a new folder in your theme’s folder named fl-builder.
  2. Create a new folder within your theme’s fl-builder folder named modules.
  3. Copy the whole folder post-grid module you wish to override from wp-content/plugins/bb-plugin/modules to your theme’s fl-builder/modules folder.
  4. Now after you copied, open post-grid.php in your-theme/fl-builder/modules/post-grid directory.
  5. Comment out lines 224-228 (//Author Schema Meta). You can also remove Date Published meta, if you don’t want dates displayed in HTML. Then comment out lines 209 and 210.
  6. Now open file post-grid.php in your-theme/fl-builder/modules/post-grid/includes. Notice there is another post-grid.php inside the includes folder.
  7. Replace it with this code. I removed all instances of displaying fl-post-grid-author class.
    Please note that even though you can customize the module’s code, the module’s folder name, main php file name and main class name must remain unchanged to be recognized by the builder.
  8. Now upload newly created and customized folder /fl-builder to your child theme directory via FTP to your live site.
  9. Refresh live page that contains Post Module and open Developer Tools (Right click, choose Inspect). Search for Author, and it won’t find anything.
5/5 (5 Reviews)

Recent Posts

WordCamp Orlando 2019

WordCamp Orlando 2019

WordCamp Orlando 2019 was held at the UCF Rosen College of Hospitality Management. WordCamp is an annual conference that focuses on everything WordPress, organized by[Read More…]

Pingdom Tools Speed Test

Make WordPress website faster in 3 steps

In this post I want to share an easy and simple process that will give the biggest win when it comes to website speed. The[Read More…]

Speeding-Up-WordPress Presentation

Speeding Up WordPress

Nobody likes waiting for a slow site to load. Your website speed will impact your SEO, sales and user experience. Half of the people will[Read More…]

About Irina Blumenfeld

Web Consultant, empowering business owners through WordPress. Passionate about Web Performance.
Follow on Twitter

Comments

  1. Jan says

    September 12, 2017 at 6:42 pm

    Thank you very much for writing this blogpost , and the workaround.

    The very same issue was worrying me and you helped me save a few hours or so fixing this.

    Will report this to BB.

    • Irina Blumenfeld says

      September 12, 2017 at 9:32 pm

      I’m glad it helped you. I spent a long time trying to figure it out and Carlos from Beaver Builder support helped me solve it. He said he’ll bring it up to their Development team. I hope they’ll fix it soon.

  2. Dan says

    June 20, 2018 at 1:48 pm

    Unfortunately, this isn’t a security risk and the information on this article isn’t really useful. The reason I state this, is your username is also displayed in the slug for the author URL i.e. my-site.com/author/admin. Leaking your username isn’t considered a security risk by the lead WordPress developers, using a weak password is. You can learn more about this from the link below. 🙂

    https://wptavern.com/why-showing-the-wordpress-username-is-not-a-security-risk

    • Irina Blumenfeld says

      June 20, 2018 at 2:20 pm

      I completely agree that weak password is a security risk. However, not everyone wants to announce their usernames to the world and by default, Beaver Builder Posts module displays it in Schema. It’s always advised to delete “Admin” username that ships with WordPress, as hackers target it the most, and all they have to do is guess a password. I think the best security will be achieved by having a strong password and not announcing your Author Username.

Categories

  • Resources (5)
  • Speaking (14)
  • Tutorials (17)

More Articles

  • WordCamp Orlando 2019
  • Stand Out In Search Results
  • How To Make Your Site Stand Out In Search Results
  • Speeding Up WordPress
  • WordCamp Jacksonville 2018
  • WordPress Orlando Gutenberg Meetup
  • WordCamp Miami 2018
  • Steps to do before launching a WordPress website
  • 10 Steps To Do Before Launching Your WordPress Website
  • Why is my WiFi so Slow? Best ways to Fix Slow WiFi at home
  • WordCamp Orlando 2017
  • How to hide author username in Beaver Builder Posts Module
  • How to fix slow loading images
  • Best Practices For Faster Websites
  • Plugins
  • WordCamp Orlando 2016
  • How to add star rating in WordPress
  • Make WordPress website faster in 3 steps
  • Migrate WordPress to HTTPS
  • Why you should migrate to HTTPS
  • WordCamp Jacksonville 2016
  • How to disable Emojis in WordPress
  • WordCamp Miami 2016
  • How to remove query strings from static resources
  • How to enable Free SSL, HTTP/2 protocol and CDN
  • Improve Your Website Performance
  • List of resources to speed up your website
  • 10 ways to speed up your website
  • Benefits of HTTP/2 Protocol
  • How to add custom post types to a Widget
  • Add previous/next links on single page of custom post type in Genesis
  • How to add text “Menu” next to Hamburger Icon
  • About
  • Services
  • Projects
  • Testimonials
  • Articles
  • Support
  • Contact
  • Twitter

Copyright © 2022 · Netmagik.com · All Rights Reserved · Privacy Policy · Disclosure · Sitemap
WordPress hosting by SiteGround
Tools We Recommend

Twitter Facebook Linked In Github Codepen