[ad_1]
Basically title.
[protocol]://[domain]/[profile_prefix_url]/[profile_name]- [protocol] – http / https
- [domain] – your domain’s name
- [profile_prefix_url] – your profile’s page name, e.g. “profil” / “profile” / “authors” / whatever your configuration is
- [profile_name] – actual, random or empty profile’s name
e.g. let’s say our RANDOM / INCORRECT or EMPTY profile’s url is:
- //yourwebsite.com/profile/random_non-existing_profile_name – it’ll display ADMIN’s profie
- //yourwebsite.com/profile/existing_profile_name – it’ll display correctly typed profile
- //yourwebsite.com/profile/ – it’ll for some reason also display ADMIN’s profile
I can understand that being logged in and clicking “profile” link, it’ll redirect to your actual profile, but even after logging in and typing random/incorrect profile names you can achieve same results.
If you are not logged in and type //yourwebsite.com/profile/ (without typing any name) you’ll see ADMIN’s profile.
I think that i have to use functions.php to block / prevent access, but come on, it’s basic functionality. You shouldn’t be able to do that!