blog security

How To Change Author URL Nicename – Username In WorPress

Although I dislike the new dashboard look of WordPress, the update brought a very important change with respect to the security of our blogs. Namely, it makes it very easy for you to change your author URL nicename or username in your author slug. If you don’t change it you are leaving the doors wide opened and making it easier for hackers to attack your blog.

Until this change, your author slug or URL always had your username attached to it. Unbelievable, isn’t it?

So if you hovered over or clicked on the author name, at he end of your URL your username to enter your blog’s dashboard would show up. Before the change, the author URL would look as follows:

If you had not made any changes yet just click on the author name underneath your post and see what you get. Because by default WordPress used your username in the author URL it should show up there. WordPress developers call this “nicename”. They should have called it “nicegate”.

Until WordPress 3.8 update you could not change the nicename from within your dashboard (at least I could not for any one of my sites). The only way to do it was to go into your phpMyAdmin and your WordPress Database. In the wp database you would have to locate wp_users table and from there you would be able to find your blog or blogs.

In the editable section you would have to locate the item called user_nicename and there you would be able change the nice name to something reasonable, like your name.

What a royal pain! Most people don’t even know about the nicename in the author URL. I did not because I never clicked on the link before. But because recently I had some issues with my site I was scrutinizing my blog security and it came to my attention that my author URL had my WP username in it.

The best news is that you no longer have to jump through hoops to change your the nicename in your author URL because new WordPress allows you to do it through your dashboard.

To change the author slug, go into your WordPress dashboard and click on Users. In the Users dashboard change the “nickname” to whatever you want. Make sure it is single word. Use a dash if you want to use a phrase. That should work too.

how to change author nicename or slug

Easy Way To Change Your Author Nicename (Slug)

Now my blog’s author URL looks as:

This URL does not at all reveal my blog’s username.

I was very surprised to learn of this major WordPress shortcoming. I previously wrote about the need to change our usernames to something strong to prevent hackers accessing our blogs. What boggles my mind is that WordPress developers made our blogs so vulnerable by revealing our usernames in our author links.

Please make sure to check your author URL and change the “nicename”  or username in it still shows up. If it shows up change it ASAP for the protection of your blog. Please share this post with your blogging friends to help them improve the security of their blogs. And, if you have a moment, please leave a comment and click the Google + or LIKE button on the side of this post.

, , , , , ,

6 Responses to How To Change Author URL Nicename – Username In WorPress

  1. Sandy Halliday January 16, 2014 at 5:19 pm #

    I never knew about that before Dita. It’s unbelievable. Thank goodness I changed my login password to something more secure.

    Thanks for the very valuable information. I am going to change mine as soon as I can.

    I’ve some problems with my blog at the moment and have a guy sorting it out for me. They can be such a pain sometimes.


    • Dita January 21, 2014 at 2:24 pm #

      Hi Sandy,

      really nice to see you here. I did not know about that either. You can imagine how shocked I was at the stupidity of WordPress especially since it would have been such simple thing to change even in prior updates. The problem is that most bloggers would not even know about it and the ones that knew were the hackers.

      Take care

  2. Michel Snook January 16, 2014 at 4:34 pm #

    Hello Dita,

    As usual, good information. My sites are not affected as of yet because I didn’t update to 3.8. I always wait to see what problems develop with a new release and then are corrected before I update! So in this case, I am waiting for 3.8.1

    However, for those who did update (Guinea Pigs) your solution will help and should be implemented as soon as possible if they want to keep the integrity of their blog intact.
    Michel Snook recently posted…What it Takes to Make Money OnlineMy Profile

    • Dita January 21, 2014 at 2:50 pm #

      Hi Michel,

      I guess your blog would not be affected because you do not have your author name on your blog. But for people who use an author under their posts it will affect them. As more and more people use some sort of a author designation, just by hovering over their author name, if the “nice-name” is not changed the default is going to show their login info. Take care
      Dita recently posted…How To Protect Your Blog From Botnet HackersMy Profile

  3. Glenn Shepherd January 16, 2014 at 1:46 pm #

    Hi Dita,

    Well done for highlighting this. I didn’t know about the new way of making the change with WP 3.8 so that’s really useful to know, thanks. I’ve just been doing it manually via CPanel and in fact, I wrote a blog post about this very subject a few weeks ago.

    You really can’t be too careful with site security, what with all the idiots creeping around, hacking into things and potentially causing disaster. Hopefully now, with inclusion of this easy way to make the change, more people will do so.

    Glenn Shepherd recently posted…Protecting Yourself on the InternetMy Profile

    • Dita January 21, 2014 at 2:53 pm #

      Hi Glenn,

      I know you quite well by now and I know you are one of the fortunates who is pretty well versed in the technical aspects of WordPress. I am sorry to hear I somehow missed your info from few weeks ago. Had i known I might have perhaps prevented an issue that my poor blog was facing a couple of weeks ago. I think I’ll need to watch your blog more closely. All the best!
      Dita recently posted…How To Remove New And Old Post Revisions To Speed Up Your Blog Some More My Profile