If you have just installed WordPress on your site you will have one WordPress user account at the administrator level. It is essential that you make every effort to keep the login details for this account safe and secure.
One important factor that you need to be aware of is that, if you are using your administrator account for posting your content, you could be revealing your WordPress administrator username. To a hacker that’s half your login details handed to them on a plate.
With WordPress you can create additional user accounts with different roles that you can use for posting your content. Each of the WordPress user roles has different capabilities, and it’s good practice to create another user account with lesser capabilities that you can use for posting content on your site. Depending on how you want to run your site you can set up multiple WordPress users; the choice is yours.
Creating another user account with a lesser role doesn’t mean your username will never be revealed. It’s more of an exercise in keeping your top-level user account information private, so that if a hacker does access your site at a lower level, less damage will be done.
Check out the following link where the different WordPress user roles are explained: WordPress User Roles.
Next I will demonstrate how someone may be able to acquire your WordPress administrator username if you are using the administrator account to post your content. When checking your own site you may not see what I am going to show you as different WordPress themes work in different ways. Also the theme developers and WordPress designers are constantly working to improve security, so your site could be immune from displaying such details.
Use the following as a guide to check and see if you are inadvertently revealing your login username.
Below are the details of a temporary administrator test account I have set up for this demonstration. To get to this screen, when logged in to your WordPress dashboard, select “Users” and then click on “edit” of the user details you wish to view.
You will see I have used “testadministrator” as the username and want to display my name publicly as “Fred Smith”.
Next I published a test post. As expected my display name was “Fred Smith”. Then I noticed that when I held my cursor over “Fred Smith”, my username was displayed in the add-on bar at the bottom of my screen.
To solve this I created a link from my display name back to my home page. This time when I held my cursor over “Fred Smith” it didn’t reveal my username, as you can see in the screenshot below.
To double check this I viewed the source code of the page, which confirmed that my username was nowhere to be seen.
I use Firefox as my browser and to view the source code I can either right click on a site and select “View Page Source” or press CTRL+U on my keyboard. If this doesn’t work for you, do a search for “how to view source code in ******”, replacing the asterisks with the name of the browser you are using.
Next, as shown below, I added a comment to the test post with a reply from “Fred Smith”. The result was that everything appeared as I wanted, with no administrator username on display.
Yet when I checked the source code of the test post with comments, I found my administrator username was displayed within the text.
My concern is that I am no WordPress expert and with the limited knowledge I have, it only took me a few minutes to locate my username. This shows how easy it is to find and there are probably many other ways of locating my administrator username.
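The manual source check described above can be repeated on a saved copy of your own page. The following is an added example, not part of the original post: it parses the HTML and lists every attribute, text node or comment that contains a login name you supply. The sample markup is constructed; the `comment-author-...` class and the `example.test` address are assumptions standing in for whatever your theme emits.

```python
from html.parser import HTMLParser

# Constructed sample: the display name links to the home page, but the
# comment markup still carries the login name (assumed class name).
SAMPLE_PAGE = """<article class="post">
  <span class="byline"><a href="https://example.test/">Fred Smith</a></span>
  <ol class="comment-list">
    <li class="comment byuser comment-author-testadministrator">
      <cite class="fn">Fred Smith</cite> <p>Reply to the test post.</p>
    </li>
  </ol>
</article>"""


class UsernameLeakFinder(HTMLParser):
    """Records every place a known login name appears in a page's HTML."""

    def __init__(self, username):
        super().__init__(convert_charrefs=True)
        self.needle = username.lower()
        self.findings = []  # (line number, where it was found, value)

    def _check(self, kind, value):
        # Case-insensitive substring match; value is None for bare attributes.
        if value and self.needle in value.lower():
            self.findings.append((self.getpos()[0], kind, value.strip()))

    def handle_starttag(self, tag, attrs):
        # Covers link targets (href), CSS classes, ids and data-* attributes.
        for name, value in attrs:
            self._check(f"<{tag} {name}>", value)

    def handle_data(self, data):
        # Visible text and the contents of inline <script>/<style> blocks.
        self._check("text", data)

    def handle_comment(self, data):
        self._check("html comment", data)


def find_username_leaks(html, username):
    """Return a list of (line, location, value) for each occurrence."""
    finder = UsernameLeakFinder(username)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, kind, value in find_username_leaks(SAMPLE_PAGE, "testadministrator"):
        print(f"line {line}: {kind}: {value}")
```

Save the page with “View Page Source” and pass its contents as `html`; run it on a post that has comments, since that is where the username surfaced in the test above.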
When looking to resolve this issue I discovered that this is a common problem. I did come across some WordPress plugins that appeared to fix it; however, with this being a security issue, I didn’t use them, as plugins are not guaranteed to work.
So with that in mind I decided to do what I should have done in the first place: create other WordPress users to use for posting content, and leave the administrator account for administration purposes. I will explain how to do this next.
WordPress User Registration
To create a new user, whilst logged in to your WordPress administrator dashboard click on “Users” then “Add New”.
Next enter your details in the “Add New User” form and select a role from the drop-down menu that you would like to use for publishing your content. Finally click on “Add New User”; that’s your new WordPress user complete. Please note you will not be able to use the same email address that is already being used for the administrator user or any other users you already have.
To access the new user directly, you will have to log out of WordPress and then log back in using the new user details.
In Summary
1. If you have just installed WordPress and haven’t yet published any content, create a new user account, not administrator, to publish your content.
2. If you have used your WordPress administrator account to publish your content, create a new user account, not administrator, to publish your content and move your existing content from your administrator account to the new user account, as explained in this post: How to Change Your WordPress Administrator Username