I noticed once that some scripted hits against a WordPress site I was managing were seeking out the default WordPress author pages. For this particular site, nothing special was ever designed nor set up for author pages, as they were unnecessary for this use case.
This was alarming because it meant that search bots and scripts could still find this information, and presumably use it in hacking attempts on the WP admin login area. These links had also unfortunately been picked up by search bots, so I wanted to take care of them at the root and stop them in their tracks.
Nothing to see here
The ideal solution would be to disable this functionality altogether if it’s not needed and then redirect would-be visitors to your 404 page if anyone anything tries to seek them out:
/**
* Remove Author pages
*/
add_action( 'template_redirect', 'remove_author_pages' );
function remove_author_pages() {
if( is_author() ) {
global $wp_query;
$wp_query->set_404();
status_header( 404 );
}
}
/**
* Remove links to Author page
*/
add_filter( 'author_link', 'remove_author_pages_link' );
function remove_author_pages_link( $content ) {
return get_option( 'home' );
}
That’s it. Simple and effective.
