It’s inevitable that hackers want to break into your site. With some of the WordPress-based sites I managed, I’m surprised to find that no matter what username changed to, even if the name is very cryptic, there are hacking attempts with those usernames! I looked everywhere to ensure username is not exposed yet they could still find it!
Are hackers really that smart?
Apparently this is a known issue, according to an old discussion from 3 years ago.
WordPress has a built-in feature that displays author’s profile
url.com/?author=1 will redirect to
url.com/author/username. That’s where your username is revealed.
Hide it with .htaccess:
RewriteRule ^author/(.*)$ /index.php [R,L]
Install Disable Author Pages plugin. Setup and configuration is very easy. Once enabled, go to Settings > Author Pages, and you must check Disable Author Page to enable this feature.
Highly recommended a must-install plugin, unless you intentionally want to display author’s page.