How to hide username

[MikeCloutier]

When someone clicks on the author link on my self-hosted website, my login user name is shown as part of the url for the link. It seems to me that this partly defeats the security of the login process. Since that is the case, I might as well use my real name to login, unless there is a work around in either the WP code or the theme code.

[developdaly]

You could use a plugin that makes you login with your email address rather than a username.

[chipbennett]

When someone clicks on the author link on my self-hosted website, my login user name is shown as part of the url for the link. It seems to me that this partly defeats the security of the login process. Since that is the case, I might as well use my real name to login, unless there is a work around in either the WP code or the theme code.

In your theme template files, look for the_author_link() tag, probably somethink like:

PHP Code:

This post written by <a href="<?php the_author_link(); ?>"><?php the_author(); ?></a>.

If you want to leave the author's name, replace the above with:

PHP Code:

This post written by <?php the_author(); ?>.

You may need to look in the following template files in your theme:

• index.php
• single.php
• archive.php
• category.php
• tag.php
• page.php
• search.php

There may be others, but hopefully that should point you in the right direction.

HTH

[chipbennett]

When someone clicks on the author link on my self-hosted website, my login user name is shown as part of the url for the link. It seems to me that this partly defeats the security of the login process. Since that is the case, I might as well use my real name to login, unless there is a work around in either the WP code or the theme code.

Also, if you are concerned about brute-force attacks on a given username, you could use the Limit Login Attempts plugin.

[Jeffro]

I wonder if the_author_link() just shows the configured display name for the post author or if it shows the actual username of the author.

[chipbennett]

I wonder if the_author_link() just shows the configured display name for the post author or if it shows the actual username of the author.

I think the issue is that the link goes to the Author profile page, which shows the userID in the URL.

The tag that shows the display name is the_author(). It is usually used as the display text for the anchor tag in which the_author_link() generates the href.

[MikeCloutier]

Thanks for your input on this.

What it does, and you should probably see it on your own WP blogs, is the author link (My Name) points to url "domain/author/username" instead of "domain/author/MyName". The user name being my login user name instead of anything that I configure in the WP settings options.

It's not a big deal, but I would think that with the troubles people had with attacks on blogs that used the default Admin username and the advice to change it, it would make sense to not have the login name publicly visible. I'd just as soon use my real name for a login name and use the brute-force limiting plugin or something.

[chipbennett]

Thanks for your input on this.

What it does, and you should probably see it on your own WP blogs, is the author link (My Name) points to url "domain/author/username" instead of "domain/author/MyName". The user name being my login user name instead of anything that I configure in the WP settings options.

It's not a big deal, but I would think that with the troubles people had with attacks on blogs that used the default Admin username and the advice to change it, it would make sense to not have the login name publicly visible. I'd just as soon use my real name for a login name and use the brute-force limiting plugin or something.

If you are that concerned about username security, you could always use two accounts: one for administration, and one for content creation. That way, any public-facing content would be tied to your second account, which could be limited to "contributor" user role. (I've one this in the past, but found it to be fairly inconvenient.)

As far as I know, there is no way to change what is displayed in the URL for the author profile. Using display name is problematic, because display name often (usually) contains spaces ("FirstName LastName"), which don't make for pretty URLs.

Your best bet for obscuring username completely is not to link to author profiles, and not to display usernames. Though, I question the necessity of doing so.

[MikeCloutier]

Just to follow up, I found a plugin that does the trick. It's called Edit Author Slug.

[Otto]

I never will understand why people think that the username should be secret.

Having your username+password both be secret is NOT any more secure than just having your password be a secret.

Really. Why will nobody believe this simple and glaringly obvious fact?

If you're concerned about brute force attacks, then use a better password. Longer. More weird random characters. Do you seriously think somebody could brute force a password of "JNDy247S#@!xujws", for example? You could keep the password in a file, or use a password manager, and copy/paste it when you need it.

Nobody even TRIES to brute force passwords anymore. Especially not through a web interface. Why? Because it's pointless, as there's tons of better methods of attack.

Your username is not secret information. It doesn't help a real-world hacker to know it.

Time spent hiding your username (or WP version number) is time wasted. You've spent a lot of effort to improve nothing whatsoever.