
How to Keep Your WordPress Usernames Safe

June 28, 2013 Beth Devine

There’s a simple way for hackers to discover your username and then attempt to log in through your login page.

First, finding your WordPress login page is as easy as typing in this:

yourdomain.com/wp-login.php

Second, they can discover your username by entering what’s called the author archive’s URL into the address bar:

yoursitename.com/?author=1

All hackers have to do is change the author number until the usernames come up. When I tried this on two different sites I have admin access to, not only did the usernames of authors come up, but the usernames of subscribers were also exposed.

As I changed the author number, the subscriber names either popped up on the web page with “Archives for” preceding the name (even though there are no archives/content for the names), or they appeared in a drop down box beneath the address bar, or in the browser tab.

Avoid the Danger of Username Theft

Once an author with admin rights is identified, the hacker can attempt to access your site with brute-force password attacks. This loophole for finding usernames in WordPress sites confirms the danger of two things.

1. A weak password needs to be updated.

WordPress offers password strength help here.

Your WordPress password is easily changed in your Users Profile under About Yourself.

2. For your username, don’t choose author name, admin, administrator, or any one of the targeted usernames.

See the list of targeted usernames in the recent brute-force attack here.

Your username can’t be changed in your WordPress profile. Follow my simple steps in How to Change Your WordPress Username through your cPanel.

For every loophole there is an equally effective loophole filler. In a perfect World Wide Web, that is. Staying abreast of countermeasures against hackers requires constant vigilance and a few WordPress plugins to keep the invasion at bay and your usernames safe.

Keep Hackers Away With a Safe Slug

While the World Wide Web isn’t perfect, there are steps you can take to keep your site secure. The WordPress plugin that works to keep your usernames safe is WP Author Slug.

By automatically creating a display name that differs from the username, the plugin prevents hackers from figuring out your login name through the author archive’s URL. Instead, the URL will show a set display name and not the username that’s used to log in.

In case you’re wondering, the author “slug” is also known as your “nicename” and is the URL-friendly version of the author name that appears after the website address. It is automatically generated by WordPress to look like this: example.com/author/authorname.

Just wanted to clear that bit of potential slug-confusion up. Nothing like visions of a slimy slug in your URL to ruin your day.

Good luck keeping your WordPress site secure and the loopholes plugged with safe slugs.

 
