Preventing Display of Usernames

Posted on Aug 14, 2013 in Content, Security
Please help us tighten security on your WordPress site by making sure your display name is not the same as your username.

Overview

The most frequent type of attack against WordPress is a brute force attack against the login page.

Hackers will use automated software in an attempt to gain access to a website by trying different combinations of usernames and passwords repeatedly, until a correct combination is found.

When usernames are displayed, the hacker's odds of finding a correct login combination increase.

We are finding that WordPress may display usernames in numerous ways, which need not be mentioned in this article. With that, we have implemented security fixes to help prevent usernames from being seen in plain sight, as well as procedures to monitor and thwart brute force attacks.

You can further help us by making sure your display name is not the same as your username by updating your account profile.

Updating Your Account Profile

Change Display Name

Log in to your WordPress site.

On the admin sliver, you will see a “Howdy” message at the top right.

Hover over that and you will be given the option to “Edit My Profile.”

Screenshot showing location of the edit profile link at top right of admin sliver.


Under the Name section, you will see your Username and additional fields for First Name, Last Name, Nickname, and Display name publicly as.

Screenshot showing profile name fields.


Please fill out the First and Last Name fields.

Then click the Update Profile button at the bottom of the page.

After doing so, you will be able to set your Display Name.

Go back to the Display name publicly as drop-down and select your full name.

Click the Update Profile button at the bottom of the page.
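
Site administrators can check every account at once rather than one profile at a time. The script below is an added example, not part of the original article or of WordPress itself: it assumes the user list was exported as CSV with ID, user_login and display_name columns (for instance with WP-CLI's wp user list), and the sample rows are constructed. It goes slightly beyond the exact-match case above by also flagging display names that merely contain the username.

```python
import csv
import io
import re
import unicodedata

# Constructed sample in the shape produced by, for example:
#   wp user list --fields=ID,user_login,display_name --format=csv
SAMPLE_CSV = """ID,user_login,display_name
1,siteadmin,siteadmin
2,jsmith,Jane Smith
3,mlee,  MLee
4,editor01,Editor01 (news desk)
5,rgarcia,Rosa Garcia
"""


def _norm(value):
    """Fold case, Unicode form and surrounding whitespace before comparing."""
    return unicodedata.normalize("NFKC", value).strip().casefold()


def audit_display_names(csv_text):
    """Return (ID, user_login, reason) for accounts whose display name reveals the login."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = _norm(row["user_login"])
        shown = _norm(row["display_name"])
        if not login:
            continue
        if shown == login:
            # Display name is the username, ignoring case and stray spaces.
            findings.append((row["ID"], row["user_login"], "same"))
        elif re.search(r"(?<!\w)" + re.escape(login) + r"(?!\w)", shown):
            # Username appears as a whole word inside a longer display name.
            findings.append((row["ID"], row["user_login"], "contains"))
    return findings


if __name__ == "__main__":
    for user_id, login, reason in audit_display_names(SAMPLE_CSV):
        print(f"user {user_id} ({login}): display name {reason} the username")
```

Each flagged account should then follow the Change Display Name steps above.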

Change Account Password

You may also change your password here using this profile page.

Scroll down to the About Yourself section.

Screenshot showing the change password fields.


You may create a new password by filling out the New Password and Repeat New Password fields.

Click the Update Profile button at the bottom of the page when done.

Your new password must abide by the password constraints that are described in the note seen beneath the fields. We apologize for imposing such complex passwords, but the most common breach is through weak passwords. Better safe than sorry!