Hiding Active Directory user IDs from WordPress author slugs

I recently set up a corporate WordPress blog system. With the Active Directory Integration plugin, users can sign in with their corporate ID and password.

But here’s a problem: each blog post has a link to the author’s profile. That profile’s URL includes the user ID. The corporation’s security standards say we can’t expose user IDs to the world, so the author profile URLs have to be sanitized.

It took a while to figure out a solution, but the end result is reasonable.

I found this post at StackExchange’s WordPress site. Adding the first two code snippets (below) to the end of wp-config.php tells WordPress to use the user’s nickname metadata to construct the profile URLs:

add_filter( 'request', 'wpse5742_request' );function wpse5742_request( $query_vars )
 
{
 if ( array_key_exists( 'author_name', $query_vars ) ) {
 global $wpdb;
 $author_id = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key='nickname' AND meta_value = %s", $query_vars['author_name'] ) );
 if ( $author_id ) {
 $query_vars['author'] = $author_id;
 unset( $query_vars['author_name'] );
 }
 }
 return $query_vars;
}
 
add_filter( 'author_link', 'wpse5742_author_link', 10, 3 );
function wpse5742_author_link( $link, $author_id, $author_nicename)
{
 $author_nickname = get_user_meta( $author_id, 'nickname', true );
 if ( $author_nickname ) {
 $link = str_replace( $author_nicename, $author_nickname, $link );
 }
 return $link;
}

But wait, there’s more!

Now you have to get a proper value into the nickname field. Active Directory Integration makes this easy. In this plugin’s settings, go to the User Meta tab and enter this into the Additional User Attributes field: mailnickname:string:nickname. You’ll may need to replace mailnickname with your own Active Directory user attribute if it isn’t appropriate for you.

That’s it. The next time a user logs in, the nickname field is updated, and all future profile URLs for that user will not have a user ID.

Skepticism of the law

I’m not a Lawrence Lessig fan. He’s too radical, but he still had a great quote last year:

…I am a little surprised by the respect that non lawyers typically give the law. Because lawyers’ view is one of constant skepticism. We constantly ask and demand of the law that it explain to us: How does this make sense? And we never presume that we happen to have a body of regulation that makes sense. We always examine. Where it does make sense, we say good for the law, and we encourage people to follow it. But where it makes no sense, our perspective is that the law needs to be changed.

He only encourages obedience to laws that make sense. Later he wrote “Stop believing, stop listening, stop deferring. Feel entitled to question this system.

(Getting Our Values around Copyright Right, EDUCAUSE Review, March/April 2010)

This is refreshing. Usually, I see the paintywaist viewpoint, that all law deserves to be obeyed just because it exists.

No!

Law is just an approximation of right and wrong. It’s often off.

Americans were once required to return slaves, but it was never wrong to ignore this law and help slaves become free. Similarly, suppose 75 mph is safe on a road. 75 mph is illegal if the speed limit sign says 65, but it’s not wrong.