Skip to:
Content
Pages
Categories
Search
Top
Bottom

How to hide admin details from anyone visiting the site


  • Dangthrimble
    Participant

    @dangthrimble

    WordPress: 4.2.2–en_GB
    BuddyPress: 2.3.2.1

    Hi,

    I know there have been threads about this before, but I am new to BuddyPress, not confident with PHP and generally somewhat confused. I would like to be able to hide all the information about my site administrators from anyone other than other site administrators. The reason is that it is advised (e.g. http://wpsecure.net/secure-wordpress/) that you delete your original admin account and change the nickname so that details of the admin account cannot be scraped off the web site. However, BuddyPress makes both the username and the nickname visible.

    I’m surprised, after the number of times this has come up, that there isn’t an option to address this from the BuddyPress menus.

    Can you advise in simple terms how I can achieve this and, if I have to modify code, what I need to do to maintain it when I get subsequent updates to BuddyPress.

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)

  • shanebp
    Moderator

    @shanebp

    I would like to be able to hide all the information about my site administrators

    What do you mean by ‘hide’?
    Make them invisible?

    If you’ve changed the name of the admin’s account so it doesn’t say ‘admin’, then why do you need to hide it?
    How would a scraper know that it’s the admin’s account?


    modemlooper
    Moderator

    @modemlooper

    Your worrying about nothing. As long as you have some security measures in place it doesn’t matter if someone knows a username of an admin. To feel safe create an account you use for the front end and keep the admin account for only accessing the admin.

    Add a plugin like this one https://wordpress.org/plugins/sucuri-scanner

    Use strong passwords.


    Dangthrimble
    Participant

    @dangthrimble

    I have already created an admin account and one I use for the front end. I just don’t want the admin account showing up in the list of users with people sending it friend requests, etc. I’d like to keep it uncluttered so when I’m in that account I can just focus on admin work.


    shanebp
    Moderator

    @shanebp

    Google: buddypress hide admin from members list


    djsteveb
    Participant

    @djsteveb

    @dangthrimble – no matter what you do to hide the admin username, the really good hack teams are running scans to get the admin names by running url checks like “yourdotcom /?author=2
    ?author=3

    and scraping the details wp is providing both on page, and in meta fields.
    Then adding those names to their pass cracking bot nets.
    (look in your raw access logs, you will see it)

    I’ve tried changing names on wp sites many times, the rssn hackers get getting the new names, you can tell if you check your fail log with “limit login attempts” plugin.

    I’ve played with some code to change in wp themes to hide details there, but my php is slightly below beginner and my understanding of what the theme code is doing is same.

    I tried a plugin from the wp-repo that is supposed to hide all that- but it’s not working.

    (you could htaccess geo block ukrain and chna from your site completely and probably prevent 90% of these issues anyway from what I have seen by checking logs)

    I found some htaccess someone posted that is supposed to suppress all requests for “/?auth [nc] or something like that – but since I do not understand what each part is doing, I have not deployed it.

    I think it needs to be htaccess add and include anything with “author” and a number to work well (reg ex for numbers?)

    Until I find a htaccess regex method I understand and trust, I have found that the best combo for prevention is:

    Geo IP Block
    (https://wordpress.org/plugins/ip-geo-block/ )
    (default settings are okay, I think it’s best to change the drop downs to block by country the plugins area, theme area, admin ajax, etc as well – options in settings
    Also some blogs may want to uncheck the “comment post” block by country
    )

    If this geoip block plugin author had a donate link I’d already sent him some bucks, it’s the most useful plugin I’ve found since… “good question”

    and succuri is an informative add on as well
    (shows that some bots have figured out how to bypass the limit login attempts max tries setting)

    The way WP is handling question marks in urls (string queries I think it’s called) and giving up 200 status codes and extra info (including author names) to bots is a big issue for me, this kind of relates to the unanswered support question I posted here:
    https://wordpress.org/support/topic/question-mark-url-return-200-not-404-string-query-noindex-or?replies=1


    Dangthrimble
    Participant

    @dangthrimble

    @djsteveb – thanks for such an informed response. Have installed IP Geo Block.

    @modemlooper & @djsteveb – thanks for the advice about Sucuri Scanner. That’s next on my list.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘How to hide admin details from anyone visiting the site’ is closed to new replies.
Skip to toolbar