Hide Any Username

July 21, 2021
WordPress Security Hide Any Username

Video Transcript

In previous classes, we’ve made some code changes that help hide or block detection of the admin username, thus preventing the would be hacker from getting half of what they need to break into our WordPress site’s admin area.

Now in this class, we’re going to detail two final ways to help prevent hackers from figuring out our admin username.

Now in many of today’s WordPress sites, the author is the admin. Many of us wear all the hats when it comes to our sites, we maintain it, we create and post the content, we answer the comments. And most anything else related to our sites, we do it. So if a would be hacker lands on your site, they might begin with looking for the author of a post and use that as half of what they need to break into your site, that being your username. Now, there’s a couple of ways to mask this, both are very simple and easy to carry out.

The first involves you creating a second user that you’re going to use solely for adding and publishing content, you would make that user an author, let me show you what I’m talking about here, we log into our admin area, I’m going to use our dummy user from the previous class, that we change the role to none. So for demonstration purposes, I’m going edit old Jimmy here, come on down and change the role are we at role right here, we change role to author and from that point on, whenever you log in as an administrator, you would use a plugin like user switching, and you’ve logged in as an administrator, you use this plugin to switch over to your author account, create and publish that content. And from that point on, even if you edit it later on, as the administrator, the administrators name is never going to be associated with that content.

It’s only associated with the original poster or publisher of that content, in which case would be someone with the author role. So if a hacker did go to that post, see the author tried to use that as half of what they need to break in worst case scenario, they use that they figure out the password for that author role, they now have hacked into your site, but do not have administrator rights. So that’s one way. Another way is to simply change what is being displayed. Let me show you if we go to this post here. And at this point, nothing has been changed. We’ve just created the site, we’ve got our user in there just happens to be a single user, it’s me as the administrator. And that is what is displayed as the author the username, not good.

As matter of fact, whenever I hover over the author name, you can see down here in the status bar next to the word author, we got that for slash, and then you’ve got what looks to be the username, but that’s called the nice name. And I’ll show you how we can change that here in just a second. But first, let’s log back into our admin area. Go to our user, the administrator user, I was going to edit that and go ahead and put in my name here. And we’re going to change the nickname to my full name.

And I’ll show you where that’s going to show up here in just a second currently, until I update my profile. In this drop down here, the display name publicly is only the default setting. So the command down here and update the profile. Now that if we look in the display name publicly as hit the drop down, we’ve got a few options now. first name, last name, last name, first name, and the full name, as well as the original user name, which we definitely don’t want.

So we’re going to change it from that to one of these other ones here. Here we go with the full name. Now let’s go on down here and update again, back to our post. Let’s refresh this. See now changed it to our display name. However, whenever I hover over this, if we look down here in the status bar is still showing our username. Actually, it’s our nice name. But right now our nice name is our username. So now let’s change that, we need to go into our database management page, the PHP myadmin. And as we covered in our prior class, there’s a plugin we can use to access our PHP myadmin directly from within our WordPress site. So you can use that or you can log into your control panel, in this case, cPanel. Go to PHP myadmin, which I’ve already done here, and then go to users. And then in your admin user account, right here is the nice name I’m referring to. not usually to login, not nickname, it’s nice name. So this is what we need to change.

Go ahead and click on Edit. And just for demonstration purposes, normally I would make this nice name the same as my display name. But just to show you how it’s going to show up. I’m just going to put park in there. So now we got display name Clark Kent. We got the nice name Clark. And we’ve got the user login right here. Let’s go ahead and click on Go. Come on back to our site. Let’s refresh again. Now whenever I hover over the author name, looking down here in the status bar, you can see now the display there or the nice name is what I changed in the database.

And again that can be done either from within your WordPress site using that plugin we covered in the prior class or directly from within your control panel. So just a quick recap, create a non admin role specifically for posting, make it an author role. And to make life easier whenever you log in as the administrator. To get to that author row, use a plugin called user switching to quickly switch between your admin role and the author role and then back and then finally masking the username by changing out the nice name not nickname, but the nice name from either within your WordPress site using that plug in to access the PHP myadmin or from logging into your control panels access of your PHP myadmin.

That’s going to bring us to the end of this class on another way to hide your username from those hackers. Thanks for checking it out and you have a great day.

Previous Lesson
Back to Course
Next Lesson