I am considering enforcing all my users to use email as their login name. But I am afraid that the username is being used somewhere that is publicly accessible, e.g. author pages, such as that it will lead to the problem of privacy or SPAM.
Is my worry valid? It is a good practice to use email as WordPress username? (ignore the fact that user might change their email..)
I would definitely not advise you to enforce this policy. For example, I can enumerate through your list of authors by simply entering
yoursite.com/?author=1,yoursite.com/?author=2, etc into my browser. This will take me to your author pages. If your users were savvy enough, they might have set their public display name in Users/Your Profile to something other than their WordPress username. Good, but you’re still not safe. Some themes will use your unique WordPress username and embed that into the HTML for CSS styling purposes. Also, there are programs like WPScan that can get a list of your authors, though I’ll admit I’m not entirely sure how that program works.In conclusion, to avoid the risk of divulging your author’s, private, personal emails, I would not take this route. If, however, their emails are company emails or are already being published on the website, then it really doesn’t matter.
WordPress’s usernames are exposed in several public facing places even when choosing a separate display name when making a post.
As for privacy/spam that’s up to you and your users.
You can enable email logins using a plugin like WP Email Login that I think still uses the “username” publicly, so that might be a good solution. I’m not 100% sure it does this though.
The username is used by some plugins and themes in place of the `display_name’ so you would have to go through the theme and any plugins to make sure that it is not exposed. This wouldn’t be terribly hard if you are developing the theme and if you have control over which plugins are used and are comfortable going through them and changing things. Since the profile interface allows you to choose the display name which “should” be the name displayed you should technically be able to do it.
The
user_nicenameis a lowercase hyphenated version of the username. It is used to create the slug for author template pages. This would mean that a nicename would need to be set if any of your users were to be authors (and their posts were shown using the author template.)However, the reason for usernames in the first place is to allow for a unique id which is not always the case with emails. For example family members sometimes share email addresses.
Yes, I would say your worry is valid. No, using emails as usernames is probably not a good idea.
You do have complete control over what information is available publicly, but you will have to think of all the possible places the usernames might be exposed in your theme and edit accordingly. Certainly possible to do, but you’ll need to pay attention to every detail.
The bigger problem, in my opinion, which has been mentioned by others is that this is an unusual practice and any plugins you use might not have thought to deal with an email address instead of a “normal” username.