By default, stupid Worldpress puts the user’s login in the author URL of each post. To remove this: in the child theme, in the file functions.php:
/** * Remove author display name * @param $display_name * @return string */ function my_remove_author_display_name( $display_name ) { if ( ! is_admin() ) { return ''; } return $display_name; } add_filter( 'the_author', 'my_remove_author_display_name' ); /** * Adjust API endpoint availability to hide user info */ function my_api_endpoint_setup( $endpoints ) { if ( isset( $endpoints['/wp/v2/users'] ) ) { unset( $endpoints['/wp/v2/users'] ); } if ( isset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ) ) { unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] ); } return $endpoints; } add_filter( 'rest_endpoints', 'my_api_endpoint_setup' );
The first piece knocks out the display; the second one takes the API ends out of the water.
If you don’t have a child theme or don’t know what it is, there’s a more kolhozny option – hide by css, for example:
span.author.vcard { display: none; } span.meta-sep { display: none; }
It won’t save you from tough guys, but it might save the typical koolhacker.
Also note that some plugins light up the login too; this has to be checked individually.