Preventing Display of Usernames

Posted on Aug 14, 2013 in Content, Security
Please help us tighten security on your WordPress site by making sure your display name is not the same as your username.

Overview

The most frequent type of attack against WordPress is a brute force attack against the login page.

Hackers will use automated software in attempt to gain access to a website by trying different combinations of usernames and passwords repeatedly, until a correct combination is found.

When usernames are displayed, the hacker’s odds of finding a correct login combination increases.

We are finding that WordPress may display usernames in numerous ways, which need not be mentioned in this article.  With that, we have implemented security fixes to help prevent usernames from being seen in plain sight as well as implemented procedures to monitor and thwart brute force attacks.

You can further help us by making sure your display name is not the same as your username by updating your account profile.

Updating Your Account Profile

Change Display Name

Login to your WordPress site.

On the admin sliver, you will see a “Howdy” message at the top right.

Hover over that and you will be given the option to “Edit My Profile.”

Screenshot showing location of the edit profile link at top right of admin sliver.

Screenshot showing location of the edit profile link at top right of admin sliver.

 

Under the Name section, you will see your Username and additional fields for First Name, Last Name, Nickname, and Display name publicly as.

Screenshot showing profile name fields.

Screenshot showing profile name fields.

Please fill out the First and Last Name fields.

Then click the Update Profile button at the bottom of the page.

After doing so, you will be able to set your Display Name.

Go back to the Display name publicly as drop down and select your full name.

Click the Update Profile button at the bottom of the page.

Change Account Password

You may also change your password here using this profile page.

Scroll down to the About Yourself section.

Screenshot showing the change password fields.

Screenshot showing the change password fields.

You may create a new password by filling out the New Password and Repeat New Password fields.

Click the Update Profile button at the bottom of the page when done.

Your new password must abide by the password constraints that is described in the note seen beneath the fields.  We apologize for imposing such complex passwords, but the most common breach is through weak passwords.  Better safe than sorry!