Security tip: How to Choose a Secure WordPress Username
The third WordPress security tip in our series is to choose a secure WordPress username. This article explores why this is necessary and tips on how to do so.
We believe that choosing a secure username is as important as choosing a secure password. This is because insecure usernames help bots and hackers to gain unauthorised access to WordPress sites. After all, a username is 50% of your login information.
How do Hackers Find Your WordPress Username?
Although WordPress no longer automatically sets your username to “admin”, many WordPress users still have their username as “admin”. This is despite WordPress giving users the option to select a customer username when installing WordPress.*
In many other cases it is easy for hackers to guess a username. It is often the name of the WordPress site or the topic of it.
The other, most popular, way that hackers work out your username is through your WordPress posts. Anyone can view your username by navigating to a post and clicking on the author name. The same can be said for your WordPress post archives. This can be accessed by the url: yourwebsite.com/author/yourusername.
You can stop hackers from being able to do this in your user settings. You can enter your first and last name and your nickname. Furthermore, you can select from a combination of these for the drop down for “display name publicly as”. This way it will show the name that you choose as opposed to your username.
We also recommend creating yourself a profile as both an admin and an editor and creating posts as an editor. This is so that if a hacker does see your username and then manages to hack your site, they will only have limited access.
Furthermore, there are plugins that block external users/bots from fetching user information so that they won’t be able to type in yoururl.com/author. This is in addition to plugins that can change your username for you such as username changer plugin.
*Please note that some 1-click WordPress installers do still automatically put the username as “admin” so you will need to change this following installation.
What WordPress usernames do CuroHosting suggest?
We have spoken about how important a secure WordPress username is but how do we suggest you choose one?
- Try to make your username unrelated to the name or topic of your WordPress site
- Don’t include your own name in your username
- Don’t use your email, or part of your email in your WordPress username
- Try to create a username that would seem like gibberish to anyone but yourself.
If you need any help with creating a secure WordPress username, or your WordPress security in general you can contact our team of experts.
You can find more WordPress security tips here