Protect Member Pages
It’s well known that if you don’t change your member profile trigger word from the default of “member,” that anyone can browse to your site and see a list of members.
This recently came up again in a tweet from Ryan Masuga and what followed were some good suggestions on what to do make the issue of inadvertently exposing your member list go away.
(My favorite is AJ Penniga’s highly technical solution to the problem.)
Read a full list of the suggestions
Posted on Dec 01, 2011 by Ryan Irelan
Share on Twitter
Fred Carlsen — 11:00 on 12.01.2011
I think you should include some of the tips here, because those Twitter links are most likely going to die/become unaccessible.
I think the best solution is Rob’s suggestion of setting the trigger to %, which causes a 400 Bad Request reply. It makes the member page totally unaccessible.