• Luis Rieke

    (@spacifik)


    Is it somehow possible to hide the username completely from the website? I wanna secure the websites we host not just with the Bruteforce people guessing a password – I want them also to guess the username as it happens from times to times that they use the right username and are just blocked because of the password being wrong. I already changed the nickname and that the public name is the nickname, but the original username is still shown in the URL..

    Can I change that somehow?

    Thanks a lot for your help!
    Best, Luis

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Luis Rieke

    (@spacifik)

    So I want to change that there is something like https://digitalconomics.de/author/testuserforwpforum/ – is there any chance to do so?

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Moved to Fixing WordPress, this is not an Everything else WordPress topic.

    Is it somehow possible to hide the username completely from the website?

    tl;dr No, it’s not really possible. There’s too many places where that username is leaked and that’s alright as that part was never meant to be hidden in anyway. That’s not about security, the security is in strong password and multiple authentication.

    Longer version:

    Try one of these plugins.

    https://www.ads-software.com/plugins/search/hide+author/

    But honestly, it won’t work. There’s always something not covered in those plugins.

    Thread Starter Luis Rieke

    (@spacifik)

    Thanks for moving the post to the fitting topic.
    And ah ok – we will then probably start to do multiple authentication etc. Thanks for your quick response anyways.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I use strong passwords via 1Password, many use LastPass too. I also use this plugin to implement 2FA.

    https://www.ads-software.com/plugins/two-factor/

    There are others too.

    https://www.ads-software.com/plugins/search/two+factor/

    Without using a cloud based brute force protection option such as Jetpack then that’s a good way to address that. The brute force attacker won’t get nwKvHeNZR7KBeVBxyk_6 but if they do then the 2FA will stop them cold.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Hide User URL’ is closed to new replies.