Although I dislike the new dashboard look of WordPress, the update brought a very important change with respect to the security of our blogs. Namely, it makes it very easy for you to change your author URL nicename or username in your author slug. If you don’t change it you are leaving the doors wide opened and making it easier for hackers to attack your blog.
Until this change, your author slug or URL always had your username attached to it. Unbelievable, isn’t it?
So if you hovered over or clicked on the author name, at he end of your URL your username to enter your blog’s dashboard would show up. Before the change, the author URL would look as follows:
If you had not made any changes yet just click on the author name underneath your post and see what you get. Because by default WordPress used your username in the author URL it should show up there. WordPress developers call this “nicename”. They should have called it “nicegate”.
Until WordPress 3.8 update you could not change the nicename from within your dashboard (at least I could not for any one of my sites). The only way to do it was to go into your phpMyAdmin and your WordPress Database. In the wp database you would have to locate wp_users table and from there you would be able to find your blog or blogs.
In the editable section you would have to locate the item called user_nicename and there you would be able change the nice name to something reasonable, like your name.
What a royal pain! Most people don’t even know about the nicename in the author URL. I did not because I never clicked on the link before. But because recently I had some issues with my site I was scrutinizing my blog security and it came to my attention that my author URL had my WP username in it.
The best news is that you no longer have to jump through hoops to change your the nicename in your author URL because new WordPress allows you to do it through your dashboard.
To change the author slug, go into your WordPress dashboard and click on Users. In the Users dashboard change the “nickname” to whatever you want. Make sure it is single word. Use a dash if you want to use a phrase. That should work too.
Now my blog’s author URL looks as:
This URL does not at all reveal my blog’s username.
I was very surprised to learn of this major WordPress shortcoming. I previously wrote about the need to change our usernames to something strong to prevent hackers accessing our blogs. What boggles my mind is that WordPress developers made our blogs so vulnerable by revealing our usernames in our author links.
Please make sure to check your author URL and change the “nicename” or username in it still shows up. If it shows up change it ASAP for the protection of your blog. Please share this post with your blogging friends to help them improve the security of their blogs. And, if you have a moment, please leave a comment and click the Google + or LIKE button on the side of this post.