You want to exclude all users of admin role? Or only single admin user?
Thread Starter
JorgeW
(@jorgew)
Initially I want to exclude a single admin (superadmin) user, but if there is an option to manage it at “admin role” level, I would be much interested to know both ways.
Do you know how to use wordpress hooks?
You can use fep_directory_arguments filter hook to accomplish this. Also if you want to exclude from auto suggestion use fep_autosuggestion_arguments hook also.
Thread Starter
JorgeW
(@jorgew)
Hi Shamim,
Do you know how to use wordpress hooks?
No, (not yet). I’m no developer, just a user.
I would prefer not to get into learning, time issues 🙂
Thread Starter
JorgeW
(@jorgew)
Hi Shamim,
I just found that autosuggestion seems to look not for user_public_name (which is what appears in the Directory and therefore totally intuitive) nor for user_nice_name either (which could be used, although how would I know it?) but for user_login!?!
I find this totally counterintuitive (how can I possibly know user_login? and for all users?) and a security flaw (I should NOT know other user_login).
1.- Please confirm, is this true?
2.- If this is so, how can I change it to user_public_name?
Thanks.
Add following code in your theme’s (child theme’s if you are using) functions.php
add_filter( 'fep_directory_arguments', function( $args ){
//$args['role__not_in'] = array( 'administrator' ); //uncomment and add here if you want to exclude all users of a role
//$args['exclude'] = array( 1,2,3 ); //uncomment and add here if you want to exclude specific user(s)
return $args;
});
And user is searched by display name as well as user login. If you want to search only by user display name you can use hooks to achieve that.
As a side note, showing user_login is not consider a security issue.
Thread Starter
JorgeW
(@jorgew)
Wow… works perfectly!
Beautiful solution to just what I needed.
Thanks a lot Shamim.!!!
Thread Starter
JorgeW
(@jorgew)
As a side note, showing user_login is not consider a security issue.
Yes you are right Shamim and that’s weird.
Let’s think it over once again, what is the user_login for?
Well, precisely for that: to “log in” to an account (in combination with your password). If I’m not you, why should I know that parameter if I’m not going to login as you?
So what’s the use for me of knowing a parameter (BTW, one of -mostly- only two login parameters) that I should NOT be using (logging in as if I were you) unless I would be trying to login to your account?!?
Once I have your user_login I only need to find out your password to break into your account.
This is precisely what I find a “security flaw”.
-
This reply was modified 7 years ago by
JorgeW.
