As more and more websites use WordPress as their builder platform, hackers seem to be trying harder to find loopholes they can use to hijack a site. In this post, I will explain why it’s important to hide your WordPress author username.
I know, right away you’re thinking, “Why would hackers want to get into my site?” That’s a good question, but I think it is best answered in another post so that we can stay on topic for this one. 😉
As a web guy and a serial entrepreneur, I deal with hundreds of websites on a regular basis. I try to stay on top of what works and what doesn’t, and I look for ways to better protect our websites.
The fact is, most hackers prey on sites that are outdated or left as is after installation. That way they know exactly what to look for to get in.
Many of us will change away from the default theme and maybe even add a security plugin, but one thing I keep seeing over and over is either the default “admin” username or something as simple as your first name.
I admit it, I’ve done that myself at one point or another. But I want to be sure to help you out so that you don’t make the same website mistakes I see happen over and over.
If you’ve already set up your WordPress site, log in to your WordPress dashboard and go to the user page (click Users in the left menu, then All Users, and select your user). You will see that the username is grayed out. That is because WordPress doesn’t like you changing it once it is set.
Now, you could access the database and change it that way (NOT recommended unless you really know what you are doing), or you can use a plugin called “Change Username”. You can find it by searching when adding a new plugin. (Ask me if you are unsure.)
This plugin will add a link next to that username field that will allow you to… change the username. Simple as that.
This fixes one issue, but there is one more thing that you must do so that your username isn’t seen. I’ve discovered that WordPress uses the username for what they call the “Author Slug”.
If you visit your blog page and are using the author byline, it will show your “Display name publicly as” value, which is fine. But if you click on your author name, you will be redirected to an author archive page. Looking in the URL address bar, you will see something similar to http://yoursitename.com/author/username. Using the data from the image above, mine would appear as http://thatonesite.com/author/Change-Me-13, which of course defeats the purpose of changing the username in the first place.
As you can imagine, the hackers already know that the author slug is your username. So what do we do about that? Some suggest just hiding the author page, but to me that page is good to have as an archive page of your posts. So after a little digging around, I found a plugin called “WP Author Slug”. Again, just search for it in the add plugin feature in WordPress.
In my display above, I didn’t change the Nickname field, so as you can see it duplicated the username. You can easily change that field if you want to use it as your selection.
After installing this plugin, just return to your user page, select the drop-down next to “Display name publicly as”, choose the option you like, and save the profile.
If your author slug was already how you wanted it, I would strongly suggest setting it back to that so that you don’t lose any previous search engine indexing you may have already had with that archive page.
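To confirm the changes above took effect, here is an added example (not from the original post or from either plugin) that audits a user export and flags accounts whose author slug or display name still gives away the login. It assumes a CSV with `user_login`, `user_nicename` and `display_name` columns, such as WP-CLI's `wp user list --fields=user_login,user_nicename,display_name --format=csv` produces; the function names are hypothetical, the slug rule is a simplified approximation of WordPress's own, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export (assumed columns: user_login, user_nicename, display_name).
SAMPLE_EXPORT = """user_login,user_nicename,display_name
admin,admin,Site Admin
Change-Me-13,change-me-13,Change-Me-13
k7_writer_x,jane-doe,Jane Doe
"""

def slugify(text):
    """Simplified stand-in for WordPress slug generation: lowercase, hyphenate."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")

def audit_users(export_text):
    """Return {login: [findings]} for accounts that expose or weaken the login."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["user_login"].strip()
        issues = []
        if login.lower() == "admin":
            issues.append("default 'admin' username")
        # The author archive URL is /author/<user_nicename>; if that equals
        # the slugified login, the URL reveals the username.
        if row["user_nicename"].strip().lower() == slugify(login):
            issues.append("author slug matches login")
        # The byline shows the display name; it should not repeat the login.
        if row["display_name"].strip().lower() == login.lower():
            issues.append("display name matches login")
        if issues:
            findings[login] = issues
    return findings

if __name__ == "__main__":
    for login, issues in audit_users(SAMPLE_EXPORT).items():
        print(f"{login}: {', '.join(issues)}")
```

An account that no longer appears in the output has a login that differs from both its author slug and its public display name.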
At first, this might seem like a little bit of work, but it is a lot less work than restoring your website after you’ve been hacked.
I hope you found this article useful. Feel free to comment in the section below if you have questions on this post or suggestions for other posts you would like to see.