
WordPress Author Names Are Important For Security

With all this talk about brute force attacks on CMS platforms like WordPress, we wanted to discuss an oft-forgotten security hole in the system: author names.

By this point everyone knows that they need to change the default username, but what sometimes gets forgotten is that your nickname/author name/display name is automatically set to match your new username. So if you don’t update these as well, it’s pretty simple for a hacker to figure out what username they should try.

For example, at the bottom of this post you’ll see:

If you click on that link, it’ll take you to my author page on the site – showing all my posts in one place.  Luckily, I’ve changed my display name to not match my username – so even if a hacker went this far, if they tried ‘Mr McNamara’ – they wouldn’t be able to log in no matter how many passwords they tried.

So, how can you update your user profile for this security measure?

  • Once you log in to your WordPress backend, on the left-hand side of the screen you’ll see the navigation list of options: pages, posts, appearance, etc.  Click on ‘Users’ to go to the user admin panel.
  • From there, scroll over the user you want to update and click ‘edit’ when it appears.
  • You’ll open into a page where you’ll find the following set of fields (these may vary slightly as new WordPress versions come and go)

  • Administrative usernames can’t be changed from the WordPress control panel once your WordPress setup has completed, so you just need to make sure your nickname and your display name are NOT the same as the listed username. Note that you can change the administrative username using 3rd party plugins or directly from the database table.
  • Once you’ve updated both, click save (depending on your WordPress version it will ask you if you want to update all your posts to show this new author name – YES YOU DO!)
  • If you leave these fields blank they will likely default to your username so make sure you enter something in these fields that is different from your username and make sure you hit “Update Profile”.

Now unfortunately you also have to make a change to the database because the WordPress core code also uses the author username as the page URL for your specific author page. Even though your “authorship” name will now be updated on all your posts and pages the original username will still appear in the URL pointing to your authorship page. This value is pulled from the database field “user_nicename” in the “wp_users” table.

Here’s how to change the URL value and hide your username. These steps assume your hosting account is set up with phpMyAdmin and that you have access and editing privileges to the WordPress database. If you don’t have database editing experience, you might want to make a database backup just in case and/or ask someone experienced to make this change. An incorrect change to your database can potentially take down your entire website.

PROCEED WITH CAUTION:
1) Go to your hosting account’s cPanel and click on the “phpMyAdmin” icon. If you don’t see it, look for a “MySQL Databases” icon, click it, scroll down to the bottom of the page, and then click the phpMyAdmin link.
2) Select your WordPress database from the menu on the left.
3) Select the wp_users table, and then click the “Browse” tab.
4) Locate the row that has your username in the user_login column. Click the Edit button (the pencil icon) on that row.
5) Enter the new URL version of your name into the “user_nicename” field.
6) Click “Go” to save your changes.
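
The same check and change can be run from the phpMyAdmin “SQL” tab. This is an added example, not part of the original post: it assumes MySQL and the default `wp_` table prefix, and `example_login` and `editor-desk` are constructed placeholder values to replace with your own.

```sql
-- 1) Audit: list every account whose public-facing names still match the
--    login name. The nickname is stored in wp_usermeta, the other two in wp_users.
SELECT u.ID,
       u.user_login,
       u.display_name,
       m.meta_value  AS nickname,
       u.user_nicename,
       (LOWER(u.display_name)  = LOWER(u.user_login)) AS display_matches_login,
       (LOWER(m.meta_value)    = LOWER(u.user_login)) AS nickname_matches_login,
       (LOWER(u.user_nicename) = LOWER(u.user_login)) AS nicename_matches_login
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'nickname'
WHERE LOWER(u.display_name)  = LOWER(u.user_login)
   OR LOWER(m.meta_value)    = LOWER(u.user_login)
   OR LOWER(u.user_nicename) = LOWER(u.user_login);
-- Note: user_nicename is a slug derived from the login, so a login that
-- contains spaces or symbols will not compare equal here even though the
-- slug still resembles it. Review those rows by eye.

-- 2) Before changing a slug, confirm no other account already uses it.
--    Expect 0 rows. 'editor-desk' is a constructed placeholder.
SELECT ID, user_login
FROM wp_users
WHERE user_nicename = 'editor-desk';

-- 3) Change the author-page slug for one account only.
--    Use lowercase letters, digits and hyphens, as in a normal URL slug.
UPDATE wp_users
   SET user_nicename = 'editor-desk'
 WHERE user_login = 'example_login'
 LIMIT 1;

-- 4) Verify the row, then re-run the audit in step 1.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'example_login';
```

After the update, the author page is served under the new slug, so check that the author link on an existing post resolves to it.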

And that’s it. These two relatively simple changes make it that much harder for hackers to get your username. Remember, no website is bulletproof, but you can take some easy steps to not be the slowest gazelle in the herd.


  1. Torri
    April 16, 2013 10:32 pm | #1

    Thanks for the clear discussion of this attack. I’m looking forward to your next posting discussing these attacks in more detail. Cheers!

  2. Kim
    April 17, 2013 9:24 am | #2

    Hi Eric! I’m at work browsing your blog from my new Apple iPhone! Just wanted to say I love reading through your blog and look forward to all your posts! Keep up the excellent work!

  3. Mariano
    April 17, 2013 11:02 pm | #3

    Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter updates. I’ve been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.

  4. Beulah
    April 23, 2013 6:13 pm | #4

    Wow! Finally I got a blog from where I can truly get valuable data regarding my SEO studies and knowledge.

  5. Marina Gates
    April 23, 2013 8:16 pm | #5

    I’m not that much of an online reader to be honest but your site’s really nice, keep it up! I’ll go ahead and bookmark your website to come back in the future. Cheers

  6. Pearl Schaefer
    April 25, 2013 4:29 am | #6

    Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your webpage? My blog is in the exact same niche as yours and my users would certainly benefit from a lot of the information you provide here. Please let me know if this ok with you. Regards!

  7. Lenard
    April 28, 2013 6:09 am | #7

    Way cool! Some very valid points! I appreciate you writing this article and the rest of the site is extremely good.

  8. Bridget
    April 30, 2013 7:20 pm | #8

    Great info. Lucky me I found your blog by accident (stumbleupon). I have bookmarked it for later!

  9. Harley Tyner
    May 1, 2013 8:38 pm | #9

    Good day! Do you make any plugins to safeguard against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

  10. Mitchel
    May 8, 2013 8:50 am | #10

    Hey! I understand this is kind of off-topic however I had to ask. Does operating a well-established website such as yours take a lot of work? I am completely new to writing a blog however I do write in my diary on a daily basis. I’d like to start a blog so I will be able to share my personal experience and feelings online. Please let me know if you have any kind of recommendations or tips for brand new aspiring bloggers. Thank you!

  11. Jim
    May 9, 2013 1:24 am | #11

    It’s a pity you don’t have a donate button! I’d certainly donate to this superb blog! I guess for now I’ll settle for book-marking and adding your RSS feed to my Google account. I look forward to new updates and will talk about this site with my Facebook group. Chat soon!

  12. Lucy
    May 12, 2013 2:38 pm | #12

    Great article.

  13. Kavin
    June 5, 2013 11:12 am | #13

    Hi, I am Kavin, it’s my first occasion commenting anyplace, when I read this paragraph I thought I could also make comment due to this good piece of writing.

  14. Lowell Tapp
    June 18, 2013 10:03 pm | #14

    Hello there! Quick question that’s completely off topic. Do you know how to make your site mobile friendly? My blog looks weird when browsing from my iphone4. I’m trying to find a template or plugin that might be able to resolve this problem. If you have any suggestions, please share. Many thanks!

  15. Chuck Dowling
    June 19, 2013 11:58 am | #15

    Hello there! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Thank you!

  16. Kristopher
    July 11, 2013 6:15 pm | #16

    Hi there! I just wanted to ask if you ever have any issues with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no data backup.

    Do you have any solutions to protect against hackers?

  17. Leonida
    July 17, 2013 12:58 pm | #17

    Hi! Someone in my Myspace group shared this site with us so I came to look it over. I’m definitely enjoying the information. I’m bookmarking and will be tweeting this to my followers!

  18. Dominic
    September 6, 2013 5:32 pm | #18

    I treasure the knowledge on your websites. Regards.

  19. Virginia
    January 1, 2014 6:28 pm | #19

    Good day! This is my first visit to your blog!

    We are a collection of volunteers and starting a new project in a community in the same niche. Your blog provided us valuable information to work on. You have done an extraordinary job!

  20. Arielle
    May 9, 2020 8:44 pm | #20

    Great post.
