How WordPress Exposes Your Admin Username & How to Fix It!
The Issue:
I received an alarming DM from my e-buddy, Darren of Small Biz Geek. He pointed out that WordPress exposes your admin username in certain scenarios.
Say whaaaaaaaaat?
Even if you’ve changed your admin nickname, your real username might still be visible.
The Vulnerability:
Darren figured out a way to identify the login username for a new site without much effort—just by hovering over the author byline. This is a serious issue because it reveals your admin login credentials.
How crazy is it that WordPress has not addressed this yet????
Hackers can easily exploit this vulnerability using automated scripts that try different password combinations at an incredible speed.
The Fix:
- Backup Your Database: Before making any changes, ensure you have a backup of your database.
- Access phpMyAdmin: Log in to your cPanel or hosting account and navigate to phpMyAdmin (or your host’s equivalent database software).
- Locate the WordPress Database: You’ll see a list of databases; select your WordPress database.
- Edit User Table: Find the table named wp_usermeta. This table stores metadata about users, including their display names (which can reveal usernames).
- Update Display Names: Search for entries with display_name in the key and ensure they don’t contain your admin username. Remove or update any such entries.
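To see which accounts are affected before editing anything, here is a read-only audit query for the phpMyAdmin SQL tab (an added example, not from the original post). It assumes the default wp_ table prefix. Besides wp_usermeta it also checks the display_name and user_nicename columns of wp_users, which the post does not mention but which are part of the standard WordPress schema.

```sql
-- Read-only audit (SELECT only) for the SQL tab in phpMyAdmin.
-- Assumption: default "wp_" table prefix. If yours differs, change the table
-- names and the 'wp_capabilities' key to match.

-- 1) Administrator accounts whose public-facing name fields contain the login.
SELECT
    u.ID,
    u.user_login,
    u.display_name,
    u.user_nicename,
    nick.meta_value AS nickname,
    -- Each flag is 1 when the field contains the login name, 0 otherwise.
    INSTR(LOWER(u.display_name), LOWER(u.user_login)) > 0 AS login_in_display_name,
    INSTR(LOWER(u.user_nicename), LOWER(u.user_login)) > 0 AS login_in_nicename,
    INSTR(LOWER(COALESCE(nick.meta_value, '')), LOWER(u.user_login)) > 0 AS login_in_nickname
FROM wp_users AS u
JOIN wp_usermeta AS caps
      ON caps.user_id = u.ID
     AND caps.meta_key = 'wp_capabilities'
     AND caps.meta_value LIKE '%"administrator"%'
LEFT JOIN wp_usermeta AS nick
      ON nick.user_id = u.ID
     AND nick.meta_key = 'nickname'
ORDER BY u.ID;

-- 2) Any wp_usermeta row with display_name in its key that contains the login.
SELECT m.umeta_id, m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
JOIN wp_users AS u ON u.ID = m.user_id
WHERE m.meta_key LIKE '%display\_name%'
  AND INSTR(LOWER(m.meta_value), LOWER(u.user_login)) > 0;
```

Any row with a flag of 1 in the first result, and every row returned by the second, is a place where the login name is visible and worth reviewing.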
Additional Tips:
- Never use "admin" as your username.
- Use strong passwords: Combine lowercase letters, numbers, uppercase letters, and symbols to create complex and unique passwords.
- Avoid dictionary words: Stay away from common words found in dictionaries, even when adding numbers at the end.