Author Name Security

Did you know that many themes, by default, display the username of a post's author? What could be wrong with that, you ask? Well, knowing the username puts an attacker one step closer to breaking into your WordPress website. All a hacker now needs to do is try to brute-force the password for that account.

How can I protect myself?

There are many ways to make it more difficult for a hacker, but one of the simplest for the novice user is to create a second user account in WordPress with a second email address, and give that account the lowest permissions that still allow it to post. The role you want to give the user is “Contributor”. You can still create the post with your admin account; just be sure to go back and assign the post to the lesser-permission account. This way, if a hacker happens to break into that account, they will have very few permissions. A “Contributor” account can create posts, but each post needs to be approved by an Admin before it displays on your site. While this is not a foolproof way to keep hackers out, you at least limit one vector for them to work with. Just be sure to use a very strong, generated password on the “Contributor” account.

Other ways

If you are knowledgeable, you can locate where in the theme files the link to the author is generated and remove the link. This way, you can change your display name to something other than your username and make it one step harder for a hacker to learn your username. Another option is to edit your database and change the “nicename” for your users to help hide the usernames that get displayed.
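The database approach above can start with an audit before anything is changed. The following is an added example, not part of the original post: it assumes MySQL/MariaDB and the default `wp_` table prefix, and the ID `2`, `site-editor` and `Site Editor` are constructed placeholder values.

```sql
-- Added example. Assumes the default table prefix "wp_"; adjust if yours differs.
-- Back up the database before running the UPDATE in step 3.

-- 1. Audit: accounts whose public slug (user_nicename) or display name equals
--    the login name, and administrators that have published posts under
--    their own account.
SELECT u.ID,
       u.user_login,
       u.user_nicename,
       u.display_name,
       (u.user_nicename = u.user_login) AS nicename_leaks_login,
       (u.display_name  = u.user_login) AS display_leaks_login,
       -- Roles are stored as a serialized PHP array in wp_usermeta.
       COALESCE(MAX(m.meta_value LIKE '%"administrator"%'), 0) AS is_admin,
       COUNT(DISTINCT p.ID) AS published_posts
FROM wp_users u
LEFT JOIN wp_usermeta m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'   -- key name includes the table prefix
LEFT JOIN wp_posts p
       ON p.post_author = u.ID
      AND p.post_type   = 'post'
      AND p.post_status = 'publish'
GROUP BY u.ID, u.user_login, u.user_nicename, u.display_name
HAVING nicename_leaks_login = 1
    OR display_leaks_login  = 1
    OR (is_admin = 1 AND published_posts > 0)
ORDER BY is_admin DESC, published_posts DESC;

-- 2. The database does not enforce unique nicenames, so confirm the new
--    slug is free (expect 0) before using it.
SELECT COUNT(*) AS already_used
FROM wp_users
WHERE user_nicename = 'site-editor';       -- constructed value

-- 3. Replace the slug and display name for one account.
--    Use lowercase letters, digits and hyphens only for the slug.
UPDATE wp_users
SET user_nicename = 'site-editor',         -- constructed value
    display_name  = 'Site Editor'          -- constructed value
WHERE ID = 2;                              -- constructed ID; take it from step 1
```

After the update, the author archive for that account moves to `/author/site-editor/`, so old author links stop resolving. If the site uses a persistent object cache, clear it so the new values are picked up.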

