Many WordPress websites have been hacked in the past years. Despite setting strong usernames and passwords, many of us ignore the username side. Unfortunately, if you don’t take the necessary precautions after setting up a WordPress website, you can get attacks using your username. You need to take action to secure your WP username.
WordPress for Beginners
Is it possible to hide your WordPress username?
Yes, it is possible to hide the WordPress username.
Let’s list the methods:
Method #1: Install and Active Wordfence Security Plugin
Method #2: Paste the following code at the end of the your .htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]
Method 3: Cpanel > PhpMyAdmin
- Find your WordPress database
- Choose `wp_users`
- Make sure user_login, user_nicename and display_name are all different from each other.
- user_login is your actual username
Is there anything I can do extra to secure my WordPress website?
Yes, there are some steps you can take.
EXTRAS:
Extra Action #1:
Install Disable XML-RPC Pingback
- This plugin stops abuse of your site’s XML-RPC by simply removing some methods used by attackers and some bots from trying to hit your xmlrpc.php file.
This plugin removes the following methods from XML-RPC interface.
- pingback.ping
- pingback.extensions.getPingbacks
- X-Pingback from HTTP headers.
For more info please visit: https://tr.wordpress.org/plugins/disable-xml-rpc-pingback/
Extra Action #2: Add
Wordfence > All Options > Immediately block IPs that access these URLs
Paste these:
/wp-json/wp/v2/users
/wp-includes/js/%20
/xmlrpc.php
