In wordpress you can easily change the admin id to a name which is less hackable. But did you know this is of no use unless you have a huge user database with loads of dummy users in which you can hide your admin?
I have seen many video’s and instructions telling you to create a new admin, login and delete the old admin. Video’s that instruct you to create a admin with a name like ‘youdonotfindme’. Plugins like “Better WP Security” suggesting you to change the id and name. And they are all right to some extend. But the thing is that as long as your author pages can be called and you wrote articles with the admin username they are able to find you!! (even if the admin did not write a single article).
Did you know you can call any wordpress website like this?
http://yourwebsite.com/?author=1
The only way to hide it is to have loads of users with no permissions and each with its own lengthy dummy password. So when they find a name and they hack it, they still can’t do anything as the user has no rights. They will get bored by trying to hack you as each cracked password will bring them into a user area with no permissions. Unless they really hit the admin-id of course.
But with a login detection plugin like “login lockdown” you have already discovered what is going on and you are way ahead of them
Hide your author pages plugin.
But what if you dont want to create a load of users and hide your admin? What if you only have one admin with a fancy loginname and you still want to hide it? Just disable the author call to your website is the solution. There is a nice plugin you can use for that which redirects those calls to the root or any custom url of your desire. The plugin is called “Disable Author Pages” And can be downloaded at wordpress.org.
Download the plugin : disable author pages
After installing it and enabling it goto to its settings and enable the redirecting (see image below). Once done nobody can call any author pages anymore and thus revealing the admin name by accident. This will only work if you dont want people to see what author wrote what articles and call his list of written documents. I don’t mind as i never intended to have this ability in my blog anyway. I am the only author, so who cares? I don’t!
- Create loads of empty users with a dummy password and no articles attached to them and no permission.
- Create a author which you use to write all your articles
- Move your admin user so its hidden within the rest of the users and make sure it has also no articles attached. This way it will look the same as any dummy user they call.
What happens that in case you enter a wrong username that username is removed after the login attempt. However if you enter a correct username that username stays visible in the login screen.
Both attempts provide also a different error message explaining that you either provided the wrong username and or password or the wrong password. In the latter case you entered the valid and correct username and indirectly wordpress tells you this (stupid if i may say so).
So besides hiding the author pages one can still get hold of a valid loginname this way.
How to fix that you can read here : WordPress revealing user loginname by trial and error
