WordPress Security | Reduce Risk of hacking by 99% instantly with this simple setting

One of the most annoying parts of running a website is those beloved hackers trying to break into your site.

To fight this I once installed the “Limit Login Attempts” plugin, which is well known in the scene and does its job. However, did you ever wonder, when looking at the logs, why most login attempts are made using one of your actually existing usernames?

Sure, there’s no “admin” user on my site, but previously there used to be actual, real usernames standing there… And I always wondered: WTF, how do they know about them?!

How they know about Usernames

WordPress has three different names for Users:

  • Username (Login) – Being used for the general login to your site (login, sign-in)
  • Display Name – The name website visitors see in user profile details. It is e.g. shown next to user posts (post author name).
  • Nicename – Unique name which is used in WordPress to generate a user Profile Page. It is also called the “user slug”.

And this profile page is the killer.

The cause and the effect

After a regular user registration process, Username, Display Name and Nicename are set to the same value. For example, if you register a user with the Username “Steve45”, your registered names look like this:

  • Username – Steve45
  • Display Name – Steve45
  • Nicename – steve45

So whether you display a blog or not, the URLs of the profile pages are found in your site’s HTML. And the profile page URL will look like this:

There you have it! The alleged username is right there in the publicly available code of your site. As said, this is the case even if you don’t use the profile page.

An illegal bet – and the fix

And that is what hackers assume. Their bet is that you never bothered about the Nicename, so it is still the same as your Username.

So the easy hack for eliminating every hacking attempt with real and actual usernames is to simply set a Nicename different to your Username.

  • Username – Steve45
  • Display Name – Stephan P.
  • Nicename – Little-Steve
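
To find the accounts that still need this change, the check below is an added example (not code from this post or from WordPress). It assumes a CSV export of the `wp_users` columns `ID`, `user_login`, `user_nicename` and `display_name`, WordPress's default `/author/<nicename>/` profile URLs, and a simplified ASCII-only version of how the default Nicename is derived from the login; all sample data is constructed.

```python
import csv
import io
import re

# Constructed sample export of wp_users columns (not data from the post).
SAMPLE_CSV = """ID,user_login,user_nicename,display_name
1,Steve45,steve45,Steve45
2,Steve46,little-steve,Stephan P.
3,jane.doe@example.org,jane-doeexample-org,Jane
"""

# Constructed sample of our own rendered HTML containing profile links.
SAMPLE_HTML = """
<a href="https://blog.example/author/steve45/">Steve45</a>
<a href="https://blog.example/author/little-steve/">Stephan P.</a>
"""

def login_to_slug(login):
    """Simplified, ASCII-only approximation of the default nicename:
    lowercase, dots and whitespace become hyphens, other punctuation
    is dropped. Assumption: no accented or multibyte characters."""
    s = login.lower().replace(".", "-")
    s = re.sub(r"[^a-z0-9 _-]", "", s)
    s = re.sub(r"\s+", "-", s)
    return re.sub(r"-+", "-", s).strip("-")

def author_slugs(html):
    """Slugs visible in /author/<nicename>/ links of our own pages."""
    return set(re.findall(r"/author/([^/\"'?#]+)", html))

def audit(csv_text, html=""):
    """Return one finding per account whose nicename still mirrors its login."""
    public = author_slugs(html)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        nicename = row["user_nicename"]
        if nicename in (row["user_login"].lower(), login_to_slug(row["user_login"])):
            findings.append({
                "id": int(row["ID"]),
                "login": row["user_login"],
                "nicename": nicename,
                "in_html": nicename in public,  # slug already visible in markup
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CSV, SAMPLE_HTML):
        print(f)
```

Every account it reports is one where the Nicename should be changed as described above; `in_html` marks those whose slug already appears in the page markup.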

Hacking attempts without the correct username are typically 99% less successful than otherwise!

You’re welcome 😉


PS.
No, this post is not sponsored by anyone. I just like the plugin mentioned above and I don’t really care about how it looks.

Posted in WordPress.
