Safely fetch a list of users posts

From Wordfence Documentation
Jump to: navigation, search

Disabling WordPress default list of posts by authors is important to prevent bots that are scanning your site from detecting valid user login names. Some themes provide custom functionality for listing posts by author. If you want to develop custom functions, here is a bit of code to get you started. This code implements a shortcode solution to listing authors posts. Shortcodes can be inserted in to any post or page in WordPress.

Code to put in functions.php or preferably a dedicated "shortcodes.php" file which is included in your functions.php

function wf_author_postlist($atts, $content = null) {

    extract(shortcode_atts(array('id' => '1'), $atts));  
	
	$args = array( 'author' => $id );	
	$myposts = get_posts( $args );
	
	$html = '<ul>';

	foreach ( $myposts as $post ) : setup_postdata( $post ); 
		$html .= '<li>';
			$html .= '<a href="'.get_the_permalink($post->ID).'">'.get_the_title($post->ID).'</a>';
		$html .= '</li>';
	endforeach; 
	
	$html .= '<ul>';
	
	wp_reset_postdata();
	
	return $html;
}

add_shortcode('author_postlist','wf_author_postlist');

To produce a list of an authors posts in any post or page simply insert the shortcode below. Provide the parameter "id" with the WordPress userid to specify which user. The function returns posts for user with id = 1 by default.

[author_postlist id="2"]