For hackers to successfully gain access to your website, they need the username and password for the admin. It is important to note that in WordPress, anyone can get the username of the admin on a default WordPress installation.
This can be achieved by including ‘?author=1’ at the end of the website’s URL, e.g. ‘https://avoiderrors.com/?author=1’.
The above URL should result in a page similar to the one below (ensure to replace URL).
Why hide the author username?
If a hacker accesses your author username as the one shown above, your website is vulnerable. The hacker now only needs to brute force the password and he will have complete access to your website. In this step by step tutorial, you will learn how to hide your author username to increase your website’s security.
Prerequisites
To follow along with this tutorial, you will only need access to your root directory files. For this illustration, I will be using the Cpanel.
For this step, you need Cpanel login credentials that can be provided by your web hosting company.
Login into your Cpanel and locate the file manager. Open the file manager.
On the left, open the ‘public_html’ folder to access your website files.
Open the ‘wp-content’ folder.
Open the themes folder.
Locate the folder of the active theme. In the demonstration below, the active theme is ‘twentyseventeen.’
Find the ‘functions.php’ file. The files are alphabetically arranged so it should be easy to find it.
Select the ‘functions.php’ file then click on the ‘edit’ button at the top of the page.
When the pop-up appears as shown below, select the ‘edit’ button to proceed to the editor.
Once the ‘functions.php’ file opens in the editor, copy and paste this code at the bottom:
add_action(‘template_redirect’, ‘bwp_template_redirect’);
function bwp_template_redirect(){
if (is_author()){
wp_redirect( home_url() ); exit;}}
After pasting the code as shown below, click the ‘Save Changes’ button to update your changes.
Note: You need to replace the home_url with the URL of the page you want users to be redirected to.
Now when you go back your browser and type your URL/?author=1, e.g. ‘https://avoiderrors.com?author=1’.
If you followed all the steps, you should be redirected to the page you had defined.
