Links for the byline that display below your post have two issues on Genesis themes. One is a security risk and the other is bug that started when Genesis 2.0 was released.
The latter one will affect anyone who has updated to the Genesis 2.0 framework, but still has their original theme that has not been updated for the new schema markup yet.
In this quick video, I’ll show you both issues and how they affect your site security and Google authorship. Plus, I’ll show you a super fix that you just may want to keep, even after they fix the bug.
See more Genesis tutorials in the BlogAid Video Library including
an entire section on Genesis plugins like Simple Edits.
Nathan Rice says
August 18, 2013 at 8:50 amThis is not, I repeat NOT a security hole. First of all, that “posts link” function has always been in Genesis, and second of all, the shortcode is just a passthrough for a built in WordPress function.
http://codex.wordpress.org/Function_Reference/the_author_posts_link
It’s like saying that it’s a security hole to give out your email address, because someone has half of your Gmail login if you do.
The other part (the markup showing if you use [post_author_link] is valid, and we’ll have a 2.0.1 patch ready early next week.
MaAnna Stephenson says
August 18, 2013 at 9:27 amNathan, so glad a fix is coming soon.
We’ll have to cordially disagree on the security thing. I’m in favor of not giving out any login info, period.
Liz Jamieson says
August 19, 2013 at 5:05 amHi MaAnna – I think you are both mostly right and both a little bit wrong.
MaAnna – I agree with you that there is a security hole there, but Nathan is right in stating that it is not a Genesis issue, it is in fact a WordPress issue. The username is exposed by most WordPress themes or frameworks because it is a native feature of WordPress to provide the ability to link each post to is author. Any theme that provides a link to an author archive page will have this potential security issue.
I disagree with Nathan in that it is OK to expose your WordPress username because it gives away half the security. I take his point that you do the very same thing when you tell someone your email address with regard to your Google Account. However you have to give away your email address in order to receive email at that address, but there is no need to give your WordPress username away.
MaAnna’s technique of using an about page rather than the author archive page is perfectly viable for single author WordPress sites, however for multi-author sites it is onerous and the technique she gives can only work for one author without significant PHP modifications. A better solution which supports single and multi-author sites is given here : http://www.authorsure.com/827/wordpress-username-security
MaAnna Stephenson says
August 19, 2013 at 7:07 amLiz, thank so much for your comments and the link for help with multi author blogs. Everything about them got more complex when authorship started. Same with sites that have guest authors.
When I looked in the forums, the folks at Genesis were already aware of the bug and working on a fix. Nathan said it would be available soon.
I’ll be reporting on that, as I would like to help folks use the easy shortcodes and still get their authorship perks.