WordPress security guide 01- Hide login detail from author page


Have you ever seen nightmare in broad day light?

I did!

Don’t get me wrong. I haven’t lost my mind neither I’ve gone insane.

If you were me, you would have acted the same way like I did when one of my WordPress blog got hacked. Trust me it’s not fun at all if your website gets hacked.



WordPress Security vulnerability has always been a nagging issue. If you’re using WordPress as a CMS , you got to be very careful and should take every possible measure  to strengthening your WordPress security.  Among many loopholes, WordPress login username is one, which could be easily identified via author archive page’s permalink and can be compromised by a hacker. You can check it by yourself here;


If you go to author archive page let’s say its Admin/john/angel whatever it may be, it will show on username place and can easily be identified. Once the hackers have your username it becomes easier for them to use boot force and crack your password.

Let me explain in detail.

The way it works:

When you sign up for a new user account on WordPress you are assigned a username which is basically login name and a password.

There is a folder is WordPress database name wp_users which has different elements like

User_login         User_pass           User_nicename                               user_email

When a new username created the WordPress database gets populated with relevant credentials. Where User_login (username) and User_nicename which is basically author name by default get populated with same username credentials. We cannot change that at the time of signing up nor from the WordPress dashboard menu.
Here’s an example to make things more clear.

Suppose you sign up for a new user account named angelina. By default user name and author name become ‘angelina’ and author permalink looks like;


As I mentioned before, unless you alter author name credentials it takes second to figure out the username is ‘angelina’ for a hacker. If the username has a weak password the game becomes easier for him to get in to your WordPress dashboard with little tricks.

Wordpress Security – How to Hide Your WordPress Username:

The only possible way out here is to change the User_nicename completely deferent from username. If they are different then it won’t be possible for anyone to know what the actual username is. Your WordPress become more secure and hacker don’t stand any chance to get through your security measure.

For example, user_nicename is ‘angelina’. Now if we change it to say ‘amanda’ the author archive page URL becomes http://yoursite.com/author/amanda for the user angelina. Now it’s simply not possible for anyone to guess the actual username.

Here comes the question how you can change the user_nicename as I said before there is no option in WordPress dashboard to do that.

Well, you need to have access to your cPanel. Just follow the below mentioned process to make a small amend in your WordPress database.

  • Login to your cPanel
  • Go to phpMyAdmin
  • If you have multiple databases loaded (more than one WordPress blog) choose the right database.
  • Select and edit the username you want to alter



  • Change the User_nicename something else just different from User_login
  • Hit on ‘go’ button to save the change you made

Username ‘Angelina’ and ‘Amanda’ were used for giving example and you can choose something else the way you want.

There are some extremely important things you need to keep in mind while changing user_nicename otherwise it may effect you heavily.
  • User_nicename could be changed to anything. Practically anything but it is highly advisable to keep it simple like a name to make it search engine friendly.
  • Do not use any space between words. Suppose if you choose a name like ‘Amanda Bryan’ type without giving any space, – or numbers in-between name and surname i.e AmandaBryan or Amanda-Bryan. Otherwise it will return as 404 errors! It will effect immensely because every time crawler reaches there will return with 404 errors causing massive damage to site’s  SEO performance.
  • You can use numbers, letters,  _ or  – but it’s not advisable to use any special character. Example, ‘Amanda-Bryan’ is good to use.
  • Not case sensitive at all. ‘Amanda’ or ‘amanda’ both read same way in the archive URL.
  • Now there is another critical part to notice. After updating User_nicename check with Google indexing whether previous (old) author archive page is still indexed or not. Make a search with,  http://yoursite.com/authour/oldusername. If it’s still there on Google search result then you have to make a link removal request through your Google Webmaster Tools account.
  • Do you know after making so much effort still there is another loophole which might leak your WordPress login username! Trust me I don’t have any intention to scare you. I’m just trying to make you remember to check your WordPress dashboard user menu for ‘username and ‘Nickname’ they still may be the same which will reveal on author archive page as writer’s name and page title of your browser.


Go to WordPress dashboard>Users>Select the user you want change nickname and display name publicly as>Alter the name.

  • Finally you completed all necessary steps to secure your WordPress by hiding WordPress login from Author Archive. Now check with updated author name whether it shows or not. If it still displays old username don’t worry, clear your browser cache and repeat the process and it will show the updated author name.
Final Words:

This was it. I hope now you can hide your author archive page and secure wordpress from hacking.  This is the first article of our WordPress security guide series. Stay tuned for more tips to make your WordPress bulletproof. If you still need any further assistance to complete the above mentioned process feel free to ask in comment section.



Post By Saikat Hazra (27 Posts)

Hello friends, This is me Saikat, the co-founder of this blog. An investment consultant who eventually turned into a professional blogger. Feel free to connect me on Google+. You can follow my post on Twitter


  1. JuliusOFGU December 27, 2014
    • Saikat Hazra December 30, 2014

Leave a Reply

Your email address will not be published. Required fields are marked *