June 20, 2014

WordPress security tip: Try a Google search for your WordPress admin username followed by your site name. It is very likely that you will find your username in the permalink structure of your posts, and if so, I guarantee your username is indexed in Google’s search results.

By default, WordPress defines your author URL as follows: yoursite.com/author/yourusername/.
Hackers are looking to take advantage of exactly this kind of exposure. Once the username is known, all that is left is a brute-force attempt on the password and they are in.

How do you fix this?

There is a plugin by hallsofmontezuma (Matt Martz) called Display Name Author Permalink. This plugin lets you replace the username section of the author permalink with your display name. For instance, if your username is ‘admin’, your current author structure is yoursite.com/author/admin/. Activating the plugin changes the permalinks to use your display name, so the structure becomes yoursite.com/author/firstname_lastname/.

The great thing about this plugin is that on top of the new structure hiding your username, it will also 404 any request to display posts based on your username.
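To confirm the change took effect on your own site, the added example below (not part of the original post or of the plugin) scans rendered HTML for /author/ links whose slug matches one of your login names. The sample pages and the login list are constructed; in practice you would feed it saved copies of your own pages.

```python
import re
from urllib.parse import unquote, urlsplit

# Pull every href value out of the page; the slug is read from the URL path.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# First path segment after /author/ (an empty segment does not match).
AUTHOR_PATH_RE = re.compile(r'/author/([^/]+)')


def author_slugs(html):
    """Return the set of author slugs linked from one rendered page."""
    slugs = set()
    for href in HREF_RE.findall(html):
        path = urlsplit(href).path  # drops scheme, host, query and fragment
        match = AUTHOR_PATH_RE.search(path)
        if match:
            slugs.add(unquote(match.group(1)).lower())
    return slugs


def leaked_logins(pages, login_names):
    """Map each page to the login names its author links still expose."""
    logins = {name.lower() for name in login_names}
    report = {}
    for url, html in pages.items():
        hits = author_slugs(html) & logins
        if hits:
            report[url] = sorted(hits)
    return report


# Constructed sample pages (not real site output).
SAMPLE_PAGES = {
    "/hello-world/": '<a href="https://yoursite.com/author/admin/">Jane Doe</a>',
    "/about/": '<a href="/author/jane_doe/" rel="author">Jane Doe</a>',
    "/news/": "<a href='/author/Admin/feed/'>RSS</a> <a href='/category/author/'>x</a>",
}

if __name__ == "__main__":
    for page, names in leaked_logins(SAMPLE_PAGES, ["admin"]).items():
        print(f"{page}: author link exposes login name(s) {names}")
```

An empty report means none of the scanned pages links to an author URL built from a login name.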

What about SEO?

Keep in mind that if your author link has been indexed, it will take time for the username to be cleared from search results. In the meantime, the old URLs will 404 when clicked from search results. You will need to request a re-crawl of your site (here’s how). A small price to pay for the security of your site!

Chris Farmer