I am considering enforcing all my users to use email as their login name. But I am afraid that the username is being used somewhere that is publicly accessible, e.g. author pages, such as that it will lead to the problem of privacy or SPAM.
Is my worry valid? It is a good practice to use email as WordPress username? (ignore the fact that user might change their email..)
4 Answers
I would definitely not advise you to enforce this policy. For example, I can enumerate through your list of authors by simply entering yoursite.com/?author=1, yoursite.com/?author=2, etc into my browser. This will take me to your author pages. If your users were savvy enough, they might have set their public display name in Users/Your Profile to something other than their WordPress username. Good, but you’re still not safe. Some themes will use your unique WordPress username and embed that into the HTML for CSS styling purposes. Also, there are programs like WPScan that can get a list of your authors, though I’ll admit I’m not entirely sure how that program works.
In conclusion, to avoid the risk of divulging your author’s, private, personal emails, I would not take this route. If, however, their emails are company emails or are already being published on the website, then it really doesn’t matter.
