What are some tips I can use to protect my WordPress username?
This week’s Wednesday Q & A question is one I get asked a lot.
First, I want to make very clear that no website is ultimately and absolutely safe from hackers. If they want in, they’re going to get in, it’s just that simple. The upside to this is that a lot of the time a hacker will move on to the next site if they hit some sort of obstacle.
Why am I telling you this? Because you need to accept that the only way a website is totally secure from hackers is to NOT BE ON THE INTERNET AT ALL. Basic common sense.
However, there are tips and tricks to make the hackers work a little harder, and, hopefully (ultimately), encourage them to move on down their troll list.
2 Things you can do to protect your WordPress Username
#1 ~ Raise your hand if you are guilty of STILL using “admin” for your username? Yeah! It’s time to change that! It doesn’t matter how strong your password is at this point. You have just given the hackers 50% of what they need to get into your site and muck it up. Follow the easy step-by-step instructions below to fix this security SNAFU.
A) Sign in to your WordPress dashboard. Scroll down to “Users” and click on “Add New”.
B) You are now at the “Add New User” page. Fill it in with all your information from your original user account, BUT THIS TIME COME UP WITH A USERNAME THAT IS NOT “Admin”.
Oh, I’m sorry! Did that look like I was shouting at you? Oh wait! I am!!
Keep your password the same, if it’s a strong one. If you want your WordPress to send you an email with the new information, tick the box. And DO NOT FORGET to pick “Adminstrator” from the dropdown menu at “Role”. See screenshot below for reference.
After the new user has been created and saved, you need to log out of your WordPress. Then log in as your new username. Click on “Users” then “All Users” — this will open a list of all the users in your blog.
DELETE the admin user account with ADMIN as the username. It will ask if you want to transfer all this user’s info to another user. You want “YES” and choose the admin account to transfer it to — this would obviously be the new user you have just created.
YAY! No more “admin” username! I’m so proud of you!
#2 ~ Did you know that your author page gives away your username? Yep. Giving the hackers 50% of the puzzle … AGAIN!
The “author” page comes up when you click on the author’s name of each post. The image below has my author link circled.
That link would go to http://bloggingwithgypsy.com/author/kimberly-gypsy-losavio/ and show all the posts that I have authored.
So, what’s different from my author link than from yours? My link doesn’t give away my username. Go ahead and check yours. Open up one of your blog posts and click on your name. Then check the link. You will notice that it says yoursite.com/author/your-wp-username.
If you want to change that, keep reading. It’s a pretty easy to fix. However you need to be comfortable with changing something in your actual database files. I promise, it’s very easy. I do, however, strongly suggest that you make a backup of your database or make sure you have a recent back up. Or have your VA or favorite tech person do this for you if you’re not comfortable with messing around with your database.
Here is a step-by-step process to change this through your hosting service’s cPanel.
A) Log in to your hosting service and get into your cPanel. Then scroll down to the “Databases” tab. There may be several options available. Click on phpMyAdmin.
B) Click on and open the database that stores your website. In most cases there should only be one database listed. Once it’s opened, you will see a list of tables. Look for the table that ends with “users“. It would be something like “databasename_users“. Then click on it.
C) Now the Users Table is open. You are looking for “user_nicename“. This is what we are changing. And there are 2 ways to do this.
1) Click on the pencil/edit. Scroll down to user_nicename. Then type in the new name you want to show up in the Value box. Click on GO. This saves your changes.
2) Double-click on the box under “user_nicename” where your username is and change the name. Once you click outside that box, it will save.
D) Go ahead and close the phpMyAdmin window, then refresh your blog post page that you had open earlier. Now when you click on your name, the link in the URL bar should show the name you just put into the user_nicename box.
You learned how to do 2 new things today! And I am so proud of you!
You finally got rid of that “admin” username. And you are safe from me shaming you. Well, that is if you changed it. If you still haven’t changed it, you are leaving yourself open to shaming. Seriously — GET RID OF THE ADMIN USERNAME!!!
You also learned how to change the user_nicename inside your database tables without breaking anything! WOOHOO!!
Time to celebrate!!
Come on and share your WOOHOOs below! Feel free to ask questions, too. I’d love to help!