Security issue leaks login name

  • Resolved andrebell82

    (@andrebell82)


    2 years, 6 months ago

    Not sure if this is a conflict with a plugin but…

    Sadly had to uninstall the theme. Everywhere below that says
    ‘my-private-username’
    is where the theme listed my ‘hidden’ login name directly in the delivered html page source (not good for helping mitigate brute force attacks):

    ‘!DOCTYPE html><html dir=”ltr” lang=”en-US”><head><meta charset=”UTF-8″><meta http-equiv=”X-UA-Compatible” content=”IE=edge”><meta name=”viewport” content=”width=device-width, initial-scale=1.0, maximum-scale=3.0″ /><title>blurb – private dude</title><meta name=”description” content=”all-in-one-seo stuff” /><meta name=”robots” content=”max-image-preview:large” /><link rel=”canonical” href=”https://www.my-private-site.com/services-overview&#8221; /> <script type=”application/ld+json” class=”aioseo-schema”>{“@context”:”https:\/\/schema.org”,”@graph”:[{“@type”:”WebSite”,”@id”:”https:\/\/www.my-private-site.com\/#website”,”url”:”https:\/\/www.my-private-site.com\/”,”name”:”site title – private dude”,”description”:”plug”,”inLanguage”:”en-US”,”publisher”:{“@id”:”https:\/\/www.my-private-site.com\/#organization”}},{“@type”:”Organization”,”@id”:”https:\/\/www.my-private-site.com\/#organization”,”name”:”blurb – private dude”,”url”:”https:\/\/www.my-private-site.com\/”,”logo”:{“@type”:”ImageObject”,”@id”:”https:\/\/www.my-private-site.com\/#organizationLogo”,”url”:”https:\/\/www.my-private-site.com\/wp-content\/uploads\/2022\/05\/LinkedIn150x150.jpg”,”width”:150,”height”:150},”image”:{“@id”:”https:\/\/www.my-private-site.com\/#organizationLogo”}},{“@type”:”BreadcrumbList”,”@id”:”https:\/\/www.my-private-site.com\/services-overview#breadcrumblist”,”itemListElement”:[{“@type”:”ListItem”,”@id”:”https:\/\/www.my-private-site.com\/#listItem”,”position”:1,”item”:{“@type”:”WebPage”,”@id”:”https:\/\/www.my-private-site.com\/”,”name”:”Home”,”description”:”blurb”,”url”:”https:\/\/www.my-private-site.com\/”}}]},{“@type”:”Person”,”@id”:”https:\/\/www.my-private-site.com\/author\/my-private-username#author”,”url”:”https:\/\/www.my-private-site.com\/author\/my-private-username”,”name”:”private dude”,”image”:{“@type”:”ImageObject”,”@id”:”https:\/\/www.my-private-site.com\/services-overview#authorImage”,”url”:”https:\/\/secure.gravatar.com\/avatar\/fb1216ebfc31bbc72d9095844f462e0c?s=96&d=mm&r=r”,”width”:96,”height”:96,”caption”:”private dude”}},{“@type”:”WebPage”,”@id”:”https:\/\/www.my-private-site.com\/services-overview#webpage”,”url”:”https:\/\/www.my-private-site.com\/services-overview”,”name”:”Sblurb – private dude”,”description”:”all-in-one-seo stuff”,”inLanguage”:”en-US”,”isPartOf”:{“@id”:”https:\/\/www.my-private-site.com\/#website”},”breadcrumb”:{“@id”:”https:\/\/www.my-private-site.com\/services-overview#breadcrumblist”},”author”:”https:\/\/www.my-private-site.com\/author\/my-private-username#author”,”creator”:”https:\/\/www.my-private-site.com\/author\/my-private-username#author”,”datePublished”:”2012-05-29T05:57:51-08:00″,”dateModified”:”2022-05-09T00:38:25-08:00″},{“@type”:”Article”,”@id”:”https:\/\/www.my-private-site.com\/services-overview#article”,”name”:”blurb – private dude”,”description”:”blurbs”,”inLanguage”:”en-US”,”headline”:”Services Overview”,”author”:{“@id”:”https:\/\/www.my-private-site.com\/author\/my-private-username#author”},”publisher”:{“@id”:”https:\/\/www.my-private-site.com\/#organization”},”datePublished”:”2012-05-29T05:57:51-08:00″,”dateModified”:”2022-05-09T00:38:25-08:00″,”articleSection”:”Hire private”,”mainEntityOfPage”:{“@id”:”https:\/\/www.my-private-site.com\/services-overview#webpage”},”isPartOf”:{“@id”:”https:\/\/www.my-private-site.com\/services-overview#webpage”},”image”:{“@type”:”ImageObject”,”@id”:”https:\/\/www.my-private-site.com\/#articleImage”,”url”:”https:\/\/www.my-private-site.com\/wp-content\/uploads\/2022\/05\/LinkedIn150x150.jpg”,”width”:150,”height”:150}}]}</script> <link rel=’dns-prefetch’ href=’//s.w.org’ /><link rel=”alternate” type=”application/rss+xml” title=”blurb – private dude » Feed” href=”https://www.my-private-site.com/feed&#8221; />`

    …hopefully the details above don’t get too skewed to the point this is unreadable. Removed my details so doesn’t appear as self promotion. Anyhow hope this helps avoid problems if anyone else unknowingly runs into this too.

    thx

    • This topic was modified 2 years, 6 months ago by andrebell82. Reason: clipboard error...aka ID10T error
    • This topic was modified 2 years, 6 months ago by andrebell82. Reason: my clipboard keeps inserting identifying info somehow :(
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter andrebell82

    (@andrebell82)

    Nevermind.
    I installed a bunch of plugins the same day I installed this theme. So far I found two plugins that were causing most of these instances. Eliminated all but one leak of my username by disabling everything I installed today. Still have one instance of my username showing that I am unable to track down. May have been something I changed months ago and failed to realize the problem. PITA to track down.
    In any case I’m now certain it doesn’t look like this theme is the culprit.
    Sorry for the false alarm ??
    Wish I could add a question mark (?) in parenthesis to the title of this post.
    Now am off to find that last annoying leaker.
    Thanks again for the cool looking theme.

    Theme Author jasom

    (@jasom)

    ok. btw when you are afraid leaking login name, check regular wordpress json endnode ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security issue leaks login name’ is closed to new replies.

Tags