How WordPress Exposes Your Admin Username & How to Fix It!

March 3, 2020 by admin

I received an alarming DM from one of my e-buddies, Darren of Small Biz Geek.

This is what it said…

Tweet From Darren

Say whaaaaaaaaat?

Now, I will say this…

I know not to ever use “admin” for my username, and I’m aware of the nickname issue.

What’s the nickname issue, you ask?

Always change your admin nickname to something else, otherwise the name shown with your comments will be your username.

Go into Users from your dashboard, and edit your Admin user account. Make sure you change your nickname to something other than your username.






But I had already done that, so I wasn’t aware of any other username vulnerabilities.

Well there’s another one, and it’s a biggy!

The Byline Might Be Exposing Your Username

Darren figured out my login username for my new site, and he didn’t have to hack the database or go to great lengths to figure it out.

All he did was hover over a link in my author byline.

You might have the same vulnerability on your WordPress site, and there’s a very easy fix.

If you have “By [Name]” in your byline that usually shows up underneath your WordPress title, you might be exposing your admin username.

So that I wouldn’t risk exposing anyone’s site that was vulnerable, the byline in the above example is not even hyperlinked; I just wanted to show an example of what it would look like, since I ended up removing my byline altogether.

Anywho…

Hover over that name in your byline. (Not all themes show the byline.)

You will notice it goes to http://yoursite.com/author/[name] 

Whatever you see in the [name] is your login username.

How crazy is it that WordPress has not addressed this yet???? As if WordPress is not vulnerable enough!

And since most of us post using our Admin accounts, this is dangerous. You are basically telling the hackers of the world what your WordPress admin login username is.

So all they have to do is run their script to figure out your password. And if it’s super simple then it’s not hard for them to crack into your account.

For the record, hackers easily crack some passwords by running scripts that attempt to figure them out. They typically start alphabetically and go down the list.

a… aa… aaa… aaab… aaabbb and then they add numbers to the end.

Sounds tedious, right? But here’s the deal…

This is happening at a rate of millions of attempts per second because it’s a script, so they can go through the millions of combinations VERY quickly.

It’s not like John (or Jane) is sitting at your login screen manually entering each option. This process is totally automated!

Many WP blogs get hacked because they use “admin” as the username and then a super simple password.  That’s why you should always use lowercase, numbers, uppercase and symbols.

If you’re using a password like happy123, then you’re begging to get hacked — especially if your username is exposed in the byline.

For the record, words that can be found in the dictionary are a big no-no — even if you add numbers at the end.

How to Hide Your Username In The Byline

This may seem intimidating at first, but it’s super easy and should only take you about 3-5 minutes.

Darren created a video that explains all this and shows you how to fix the problem. There are also text instructions below.

I would highly recommend you back up your database before making any changes. Pleeeeease!

Text Instructions

If you prefer text instructions, here ya go…

1. Log in to your cPanel or hosting account control panel.

2. Go to phpMyAdmin or whatever database software your host uses. It might just say “Databases.”

Your interface may also look slightly different. I’m on dedicated hosting, and my cpanel just got upgraded. The point is to find phpMyAdmin or your database icon.

You will see your WordPress database name(s) and any other databases you have set up. It should look similar to the image below.

3. Click the name of your database (or the plus sign next to it), and it will expand a list of all the tables inside that database.





4. Look for a table called wp_users (or something similar) and click it. This is where all your blog’s users are stored.

This will bring up a table of all the users in your WordPress database.

5. Find your username for your admin account and click Edit.

You should see a field called user_nicename and it will be the same as your login.

This is the culprit and what you should change IMMEDIATELY! Change it to “webmaster” or anything other than your login username.

6. Click “Go” or “Save” and that should be it.

Now if you use the byline on your posts, your username will no longer be displayed in the hyperlink.

It will show the name you just changed it to, which is OK because it’s not tied to any of your login details.
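
Steps 4 to 6, together with the nickname check from earlier in the post, can also be run from the SQL tab in phpMyAdmin. The following is an added example, not part of the original post; it assumes MySQL or MariaDB, the default wp_ table prefix, and placeholder values (user ID 1 and the new slug webmaster).

```sql
-- Added example: audit and fix the author slug directly in SQL.
-- Assumptions: MySQL/MariaDB, default table prefix "wp_",
-- placeholder user ID 1 and placeholder new slug 'webmaster'.
-- Run the whole batch in one go so the @variables stay in scope.

-- 1. Audit every account: does the author slug (user_nicename), the
--    display name or the nickname still equal the login name?
SELECT u.ID,
       u.user_login,
       u.user_nicename,
       u.display_name,
       m.meta_value AS nickname,
       LOWER(u.user_nicename) = LOWER(u.user_login) AS slug_is_login,
       LOWER(u.display_name)  = LOWER(u.user_login) AS display_is_login,
       LOWER(m.meta_value)    = LOWER(u.user_login) AS nickname_is_login
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID AND m.meta_key = 'nickname'
ORDER BY u.ID;

-- 2. Pick the account and the new slug (lowercase letters, digits, hyphens).
SET @uid      = 1;            -- placeholder: ID of the admin row from step 1
SET @new_slug = 'webmaster';  -- placeholder: anything that is not the login

-- 3. Refuse to reuse a slug that another account already has, otherwise
--    two authors would share one /author/ URL.
SELECT COUNT(*) INTO @clashes
FROM wp_users
WHERE user_nicename = @new_slug AND ID <> @uid;

-- 4. Change only user_nicename; user_login and the password are untouched.
UPDATE wp_users
SET user_nicename = @new_slug
WHERE ID = @uid AND @clashes = 0;

-- 5. Confirm the result; slug_is_login should now be 0 for that row.
SELECT ID, user_login, user_nicename,
       LOWER(user_nicename) = LOWER(user_login) AS slug_is_login
FROM wp_users
WHERE ID = @uid;
```

If the site uses a persistent object cache, flush it afterwards, because a direct database edit bypasses WordPress's own cache invalidation.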

What Is The Purpose of The User_Nicename Field?

In case you’re worried about breaking something with this change, here’s some reassurance.

The user_nicename field was only created to simplify the URL of the author archives.

It’s a slug to make the author post archive link appear “nicer”, hence the name.

So if your username is something funky with symbols and hyphens, then the user_nicename will simplify the author post archive link (URL).

If you change the user_nicename, you are changing the URL of the author’s archives.

The good news is WordPress will automatically make this change dynamically so you won’t have broken links in your bylines.

But if you happen to manually link to all your author posts somewhere else on your site (rare), then you will have to change those links to the new one.

There really is no need for a byline when you have a single-author blog anyway.  If you use Genesis themes like me, you can easily get rid of it by installing The Simple Edits plugin.

What If Your Theme Doesn’t Have a Byline?

This is pretty common today. A byline might not be coded into your particular theme.

However, even if the byline is not displayed, the author URL still exists because it’s part of WordPress’ dynamic code.

So you can still go to http://yoursite.com/author/[admin_username]. But if your theme doesn’t link to your author archives, then it would be nearly impossible to find.

Nevertheless, it still exists if you go to it manually. So I’ll leave that up to you to decide if you are going to change it or not.

—————-

Thank you, Darren, for alerting me to this! This is such an important issue so I want to spread the word as you have done on your blog.

I can’t believe I’ve used WordPress all these years and have never come across this info!

Look-a-here, ladies and gents! All WordPress users need to know about this. Please spread the word by tweeting the link below, especially if you have a website that targets bloggers.
