I am working on a site that deals with extremely sensitive and personal topics of personal health. As such, it is necessary that having a user account on the site is completely confidential with zero traces left on the public-facing site.
Aside from a few admin tools, all plugins used will be written by me (so no leakage via plugins should happen); likewise, I will be creating a custom theme (all other themes removed). I can therefore be relatively sure that content does not show user links aside from comments on the blog (one of the areas where I’m struggling).
What personal information is required (and some is needed) I plan to store encrypted.
I’ve blocked enumerable profile links – stuff like
example.com/?author=42 just gets yeeted away via .htaccess. I’m assuming I can do the same for the fancy permalink version (I’ve not looked into that yet).
I’ve looked at adding a theme function to detect
/author/* pages and doing some sort of if statement that looks at if the member is logged in and/or if the page type is a member profile. However, that does not stop the member/author profile pages from existing (something I’d like to just outright remove). Also, as I said, this would not stop member comments on the blog from leaking information via the comments link – I’m struggling with that part.
I’m okay with the idea of building a firewall of .htaccess and code level redirects away from public profiles as well as redacting it in all theme parts. What worries me is that even if
example.com/author/yourname cannot easily be reached and displays “404 – no such page” it still “exists” and the URL itself leaks information.
I figure there must be a way to hook the permalink generation and create a garbage URL even if I do not know how to do so yet.
Most of my Google searches just lead to articles shilling plugins – not exactly helpful.
Which hooks and filters do I need to examine to remove any final traces of the members from the public site (while still having user accounts)?
Is there anything else I should know, try, or look at that I have not covered here? Anything else that can point me in the right direction would be greatly appreciated.