No matter what the nicknames of the users are setup, or how the users should be displayed publicly, the Dashboard widget also displays the Usernames. That is 50% of the credentials needed to hack into the site with some brute force. Yes, login limit plugins and other security plugins may add protections, even 2 factor auth., but you will be shocked how many do not deploy any of those…

I suggest to either do not show the Usernames, or even better, make the Widget work only for the Site Admins. At the beginning of the code check if the current user is an admin, and if not simply return…

Other than that, it’s perfect and works well, too well for its own good…

Update: I just also noticed that when a user logs off, or simply closes their browser, their name still appears in the Widget as “Logged In”.

• This topic was modified 8 months, 1 week ago by nick6352683.