Hide your WordPress username for extra security

I love WordPress, but a few of its defaults aren’t great from a security point of view. One obvious example is the way WordPress makes your username visible to the whole world in the slug of your author archive, which generally appears at www.yoursite.com/author/username. A link to this URL is often included on every single post you publish, making it extra easy to find. To avoid the chance of some malicious fool gaining access to your site, you should hide your WordPress username so that both your password and your username stay secret.

What WordPress is actually showing in the author URL is what’s called your ‘nicename’. Your nicename is stored separately in the site database and matches your username unless your username contains any special characters. WordPress sets it automatically when your user account is first created and uses it in the aforementioned author URL. This is a bad idea, as it gives potential attackers a head start on gaining access to your website.

Hide your WordPress username by removing it from the author URL

If you have access to your website’s database, it’s very simple to change your ‘nicename’ and thereby replace the username that appears in your author archive with something else. If you use a GUI like phpMyAdmin or MySQL Workbench, just go to the users table (by default called wp_users) and find the row for your account. You should see columns for user_login, user_pass, user_nicename and some others. You can change the entry for user_nicename to anything you want, but as this is where you do want to be identified, it makes sense for this to be your first name or full name.

You want to end up with something like this:

ID  user_login   user_pass              user_nicename
1   notyourname  somethingreallysecret  yourname

If your user_login and user_nicename are both already set to your first name or full name, I’d strongly recommend changing your user_login to something more secure. You can do this from this table too. The only thing your user_login should be used for is logging in, so it doesn’t need to be short or look cool. Just don’t try to change your password here; you’ll need to do that through the WordPress settings page.
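The same change written as SQL, for the query tab of phpMyAdmin or MySQL Workbench. This is an added example, not part of the original post; it assumes MySQL/MariaDB, the default wp_users table name and that your account is ID 1, and it reuses the placeholder values from the table above. It goes one step further than the manual edit by first listing every account whose nicename still matches its login.

```sql
-- Added example. Assumptions: MySQL/MariaDB, default table name wp_users,
-- your account is ID 1; 'notyourname' and 'yourname' are placeholders.
-- Run the steps one at a time and read each result before continuing.

-- 1. Audit: every account whose author slug still gives away its login.
--    WordPress derives the nicename from the login (lowercased, special
--    characters replaced; for example, spaces become hyphens).
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE LOWER(user_nicename) = LOWER(user_login)
   OR LOWER(user_nicename) = LOWER(REPLACE(user_login, ' ', '-'));

-- 2. Collision check: neither new value may belong to another account.
--    Expect zero rows before going on.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE ID <> 1
  AND (user_nicename = 'yourname' OR user_login = 'notyourname');

-- 3. Apply the change. user_pass is deliberately left untouched.
--    The nicename ends up in a URL, so keep it to lowercase letters,
--    digits and hyphens, and within the column's 50 characters.
START TRANSACTION;  -- only has an effect on InnoDB tables

UPDATE wp_users
SET user_nicename = 'yourname',
    user_login    = 'notyourname'
WHERE ID = 1;

-- 4. Verify: exactly one row, with login and slug now different.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE ID = 1
  AND user_login <> user_nicename;

COMMIT;  -- or ROLLBACK; if step 4 did not return the row you expected
```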

Changing your WordPress nicename with a plugin

I prefer to make this sort of change to the database manually, but if that’s not possible or you don’t feel comfortable editing the database directly, then using a plugin is probably the better option. Install and activate the Edit Author Slug plugin and you’ll find you can change your nicename very easily. This plugin also allows you to change the ‘author’ part of the URL, meaning you could, if you wanted, direct people to an archive of your posts at www.yoursite.com/wizards/yourname.

Redirecting your old author URL to your new one

If your old author URL has been listed in search engines you may want to create a 301 redirect from the old URL to the new one. You can do this at the web server level or with a plugin such as Simple 301 Redirects.