WordPress: Expose username fix and hide author page

It’s inevitable that hackers want to break into your site. With some of the WordPress-based sites I managed, I’m surprised to find that no matter what username changed to, even if the name is very cryptic, there are hacking attempts with those usernames! I looked everywhere to ensure username is not exposed yet they could still find it!

Are hackers really that smart?

Apparently this is a known issue, according to an old discussion from 3 years ago.

WordPress has a built-in feature that displays author’s profile¬†url.com/?author=1¬†will redirect to url.com/author/username. That’s where your username is revealed.

Solution 1

Hide it with .htaccess:

RewriteRule ^author/(.*)$ /index.php [R,L]

Solution 2

Install Disable Author Pages plugin. Setup and configuration is very easy. Once enabled, go to Settings > Author Pages, and you must check Disable Author Page to enable this feature.

Highly recommended a must-install plugin, unless you intentionally want to display author’s page.

Leave a Reply

Your email address will not be published. Required fields are marked *