“The fact is that most hackers prey on sites that are outdated or left ‘as is’ after installation. They know exactly what to look for to get into those untouched websites.”
Frank Deardurff
As more and more websites use WordPress as their builder platform, it seems that hackers try harder and harder to find loopholes to try to hijack the site because of that, it has become increasingly important to hide the WordPress author username.
I know you’re wondering why hackers would want to get into your site. As a web guy and a serial entrepreneur, I deal with hundreds of websites on a regular basis. I try to stay on top of what works and what doesn’t as well as looking for ways to better protect the websites I work with.
The fact is that most hackers prey on sites that are outdated or left “as is” after installation. They know exactly what to look for to get into those untouched websites.
Many will change from the default theme and possibly even add a security plugin, but one thing I keep seeing over and over is either the default “admin” username or something as simple as someone’s first name.
I will admit it—I’ve done that myself at one point or another, but I want to help you out so that you don’t make these same website mistakes.
Fixing The Problem
If your WordPress site is already set up, you will probably notice when you log into your dashboard and go to the user page (Click on “Users” on the left menu and then “All Users” and select your “Use”r.) You will see that the username is grayed out. That is because WordPress doesn’t like you changing it once it is set.
While you could access the database and change it that way (NOT recommended unless you really know what you are doing.) Or you can use a plugin called Change Username. This plugin will add a link next to the username field that will allow you to change the username. Simple as that.
This fixes one issue but there is one more thing that you must do so that your username isn’t seen. I’ve discovered that WordPress uses the Username for what they call the “Author Slug.”
If you visit your blog page and are using the author byline, it will show your “Display name publicly as” which is fine but, if you click on your author name you will be redirected to an author’s archive page. Looking in the URL address bar, you will see something similar to http://yoursitename.com/author/username. Using the data from the image above, mine would appear as http://thatonesite.com/author/Change- Me-13, which of course defeats the purpose of changing the username in the first place.
As you can imagine, the hackers already know that the author slug is your username. So, what do you do about that? Some suggest hiding the author page, but I feel like that page is good to have as an archive page of your posts. So, after a little digging around, I found a plugin called “WP Author Slug.” You can search in the add plugin feature in WordPress to find it.
In my example above, I didn’t change the Nickname field and as you can see, it duplicated the username. You can easily change it in that field if you want to use that as your selection.
After installing the plugin, return to your user page and select the drop-down next to “Display name publicly as” and choose the option you like and save the profile.
I would strongly suggest if your author slug was how you wanted it, I would set it back to that so that you don’t lose any previous search engine indexing you may have already had with that archive page.
This might seem like a little bit of work but it will be a lot less effort than restoring your website after you’ve been hacked.
