[buddypress-trac] [BuddyPress Trac] #9296: Username exposed in members url
buddypress-trac
noreply at wordpress.org
Tue Jul 22 09:39:36 UTC 2025
#9296: Username exposed in members url
--------------------------------+------------------------------
Reporter: aboutm2 | Owner: (none)
Type: enhancement | Status: new
Priority: high | Milestone: Awaiting Review
Component: Core | Version: 14.3.2
Severity: major | Resolution:
Keywords: has-privacy-review |
--------------------------------+------------------------------
Comment (by joelkarunungan):
Totally understand the comparison with platforms like Twitter or Facebook.
However, many modern platforms now allow //user-controlled handles// that
are distinct from login IDs. In BuddyPress, since `user_nicename` is used
for both the public profile URL and @mention handle, and it's auto-derived
from `user_login`, there's currently no way to decouple the two — and
that’s where the privacy concern arises.
Even if usernames aren’t always considered sensitive, it would be helpful
if:
* The `user_nicename` could be //editable by the user or admin// —
similar to how social platforms let users set their public-facing handle.
* There was an option to allow a //custom alias or slug override//,
separate from login credentials.
Understandably, changing `user_nicename` could break existing links or
mentions, so perhaps a redirect mechanism or canonical mapping could
address that.
Not advocating for UUIDs or hashes in URLs, but for **flexibility**,
especially for communities that want user-friendly URLs without exposing
login IDs.
Appreciate the continued work on BuddyPress. Just hoping it evolves toward
a more decoupled and privacy-aware identity system in the future.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9296#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list