Since version 3.0, the WordPress installation process has allowed you to choose an admin username other than admin. There is therefore no excuse for having admin as your admin username on a recent WordPress installation.
Your Admin Username Is Not Admin – Right?
If you still have admin as your login username, you can change that by creating a new admin-level user with a more cryptic username and deleting the admin user account. Don’t forget to attribute all the posts to the new admin username.
However, even once you have a less obvious admin username, it may still be on show to anyone wanting to have a go at a brute-force attack on your site.
But Is Your Admin Username Still Visible?
By default, the URL or slug of the author archive page on a WordPress site is http://www.yoursite.com/author/nicename.
The nicename is taken from the nicename field in the wp_users table in the database.
However, the default behavior of WordPress is to set the nicename equal to the username, and hence your author archive URL will expose your username. Given that your WordPress security is controlled by both your username and password, it is a pity to give away half the security if you can avoid it.
How To Fix?
I have three possible solutions.
Option One: Update The User_NiceName
This approach requires a very small amount of dabbling in the database.
- Log in to your cPanel
- Open up phpMyAdmin
- Select the correct database
- Select the wp_users table
- Edit the row with the user you want to fix
- Change the user_nicename to be different from the user_login (username) and perhaps the same as the display_name and then Save.
Let’s look at a typical example. My display name might be Russell and my username rj6447sd. In this case I would change the user_nicename to be russell – note it is all lower case.
This would change my Author Archive URL from http://www.authorsure.com/author/rj6447sd (which would expose my username) to http://www.authorsure.com/author/russell (which does not expose my username).
A potential hacker might try a brute-force attack using russell as the username; however, even if they guess the password correctly, the username will be incorrect, so they will not get access.
The details – usernames and passwords – given above are not real.
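The same change expressed as SQL for the phpMyAdmin SQL tab. This is an added example, not part of the original post; it assumes the default wp_ table prefix and reuses the made-up rj6447sd / russell values from above.

```sql
-- Added example (not from the original post). Assumes the default "wp_"
-- table prefix; rj6447sd / russell are the made-up values used above.
-- Take a database backup before running the UPDATE.

-- 1. Audit: list every account whose author slug gives away its login.
--    WordPress derives the slug from the login when the user is created,
--    so also compare against a lower-cased, hyphenated form of the login
--    (an approximation of that derivation, not an exact copy of it).
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_nicename = user_login
   OR user_nicename = REPLACE(LOWER(user_login), ' ', '-');

-- 2. Collision check: the new slug must not already belong to another
--    account, otherwise two authors would share one archive URL.
--    Expect zero rows before continuing.
SELECT ID, user_login
FROM wp_users
WHERE user_nicename = 'russell'
  AND user_login <> 'rj6447sd';

-- 3. Fix: change the slug for this one account only. Matching on
--    user_login keeps the statement from touching any other row.
UPDATE wp_users
SET user_nicename = 'russell'
WHERE user_login = 'rj6447sd'
LIMIT 1;

-- 4. Verify: the slug should now differ from the login.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'rj6447sd';
```

Re-run the audit query in step 1 after adding new users, since each new account starts with a slug derived from its login.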
Option Two: Don’t Expose Your Author Archive URL on Your Site
This solution really only works for single-author sites where you can tweak the theme settings so that the theme does not display the byline with a link to the author archive page. The authorship of each page can then be controlled by a rel=”author” link on the “About” page on the menu as described here
Option Three: Choose To Build Your New WordPress Site Securely
Don’t set up WordPress using Fantastico with its predictable, insecure names for databases and users, as well as the default admin username; instead try using WP Whoosh which allows you to create your new WordPress site with the nicename and the display name the same, and with the all important usernames set up securely.
Whoosh not only offers you good security, it also sets up the site for good performance and saves you around an hour of messing around in cPanel, installing WordPress themes and plugins, and setting up dummy content.
Whether you want to set up a demo site for a potential client or are just setting up a new site for yourself, Whoosh offers you a high-quality installation while saving you precious time.