If hackers have your WordPress username, they’re halfway to hacking your WordPress. With my first WordPress, I was hacked within a year due to carelessness. That was around 8 years ago. This is how to hide WordPress usernames and author links.
I’ve learned from that experience and I’m extremely cautious now. I take extra precautions to make sure my website is secure, which includes removing all WordPress author links. WordPress usernames is one of the easiest things for hackers to find on your website.
WordPress is a fairly secured content management system, but it does have a lot of exploits in it. The most annoying thing is WordPress Usernames are dangled in front of hackers like candy is dangled in front of kids.
Therefore, we’re going to show you how to hide WordPress usernames and author links.
WordPress doesn’t seem to concern with the issue and pushes users to have strong passwords. However, I’ve taken extra precautions to hide my WordPress usernames for security reasons. Does having a strong password stop hackers? Sure. Most of the time.
However, it’s only a partial solution. Would you want your bank account’s username displayed? I don’t think so. Yes, WordPress and bank accounts are two different things; but, there aren’t if you have an eCommerce business with customer financial information.
Therefore, it’s necessary to hide your WordPress usernames.
There are many precautions to remove any author links on your WordPress site. Here are some simple steps to remove any author links on your WordPress site:
Remove Author Information Box
The first thing to do would be to hide your author box under ‘User Info’. This removes any permalinks on posts revealing the authors’ usernames. There’s no need to have an author page if you’re the only contributor to your blog.
Your ‘About Me’ or ‘Author Widget’ on your sidebar should be enough to let visitors know your story. It’s as simple as that. If you’re using Yoast SEO, there’s an option to exclude ‘Author’ from sitemap. Use it.
Yoast Recommended settingsRemove Author Permalinks
The next thing would be to remove all author permalinks on your WordPress site. This would be dependent on your theme. There should be an option to remove ‘By Author’ on every post or archive page.
If not, it’ll be a good idea to contact your theme’s author. They should be more than willing to help you out. That’s another step on how to hide WordPress usernames.
Hide Author Links With CSS Code
After the first two, I take an extra precaution to hide all author links with a simple CSS code on posts and archive pages. I add the below CSS code to my theme’s Custom CSS code section. This will remove all author permalinks on individual posts and archive pages.
.author{ display:none !important;}
Use WordFence
WordFence is the most popular security plugin on WordPress.org with more than a million installs. Its free version offers a lot of great tools with a firewall. However, there are three WordFence options that stands out for me. It’s extremely helpful. Here are the following:
Block Invalid Usernames
WordFence has an option to immediate block invalid username logins. The option is handy because WordFence immediately logs the username and IP address.
With the logs, the admin could permanently block the IP address and username from further access to the website. Trust me. Hackers tend to try the username while using the same IP address multiple times.
Don’t Reveal Usernames
WordFence has another great tool, which it won’t reveal valid usernames. Let’s say the hacker is able to guess your username. WordFence won’t confirm whether it’s valid or not. This is great cause it’ll make the hacker keep guessing whether it’s valid or not.
Blocking Author Lookup
Hackers use a WordPress loop hole to reveal usernames by visiting the following extension “/?Author=Rel”. WordFence has an option to not reveal the username if the extension is visited.
In addition, they have an option to immediately block visitors if they try to access certain WordPress files. In addition, they have an option to notify the admin of any successful logins.
WordFence Recommended settingsDon’t Use ‘Admin’ As Usernames
I hate the state the obvious, but don’t use ‘admin’ or obvious usernames like your website’s name. I can’t count how many times hackers have tried to access my administrator account with ‘admin’ as the username. It’s always the first attempt every hacker.
If I was given a quarter for every admin login attempt, I think I’ll be a millionaire now. This is a very important thing when it comes to how to hide WordPress usernames and author links.
Use Strong Passwords
Lastly, make sure your password is strong. How strong? I would recommend 20 characters or more with a good mix between uppercase, lowercase, numbers, and special characters. I would also strongly suggest using a password generator. It definitely helps.
My passwords are always at least 25 characters and I make sure I change it on a weekly basis. I keep a spreadsheet with all my passwords and usernames on my laptop. The spreadsheet is protected by a password, so I only have to remember one password.
Summary
With all the data breaches lately, I would strongly suggest hiding your username. We’ve seen data breaches from Spammers to the most recent Equifax. Hackers are getting more sophiscated, so shouldn’t help them.
That’s how to hide wordpress usernames and author links. Let us know in the comment section if you have any other ideas on how to hide WordPress usernames.
Learn how to protect yourself as a blogger or influencer here.
Photo by Matthew Henry on Unsplash
