Security flaw in regards to BuddyPress member username/display name?
Using the Display Name, in BuddyPress Profile Fields, does not save the information to the WordPress User Edit section.
When I’m using BuddyPress and I edit a member profile name, it does not save and display the new name. It only displays the name that the user (or I) logs in with. No matter how many times I edit the profile name in the BuddyPress profile settings, it will not save.
However, when I edit the User via the WordPress Edit User, I can save the name correctly so that it doesn’t display the login name. But, if I go back and edit the BuddyPress Profile settings to change the name again, it reverts back to the login name and will not save or maintain the previous changes.
This is not secure/safe as everyone can see the login name and only have to guess the password to login to other peoples accounts.
Is BuddyPress, by default, not supposed to show a “Nickname” rather only show the login name? I’ve been trying to figure this out for hours and my brain is finally fried, so I figured to post this here.
You must be logged in to reply to this topic.