How to hide admin details from anyone visiting the site
I know there have been threads about this before, but I am new to BuddyPress, not confident with PHP and generally somewhat confused. I would like to be able to hide all the information about my site administrators from anyone other than other site administrators. The reason is that it is advised (e.g. http://wpsecure.net/secure-wordpress/) that you delete your original admin account and change the nickname so that details of the admin account cannot be scraped off the web site. However, BuddyPress makes both the username and the nickname visible.
I’m surprised, after the number of times this has come up, that there isn’t an option to address this from the BuddyPress menus.
Can you advise in simple terms how I can achieve this and, if I have to modify code, what I need to do to maintain it when I get subsequent updates to BuddyPress.
I would like to be able to hide all the information about my site administrators
What do you mean by ‘hide’?
Make them invisible?
If you’ve changed the name of the admin’s account so it doesn’t say ‘admin’, then why do you need to hide it?
How would a scraper know that it’s the admin’s account?
Your worrying about nothing. As long as you have some security measures in place it doesn’t matter if someone knows a username of an admin. To feel safe create an account you use for the front end and keep the admin account for only accessing the admin.
Add a plugin like this one https://wordpress.org/plugins/sucuri-scanner
Use strong passwords.
I have already created an admin account and one I use for the front end. I just don’t want the admin account showing up in the list of users with people sending it friend requests, etc. I’d like to keep it uncluttered so when I’m in that account I can just focus on admin work.
@dangthrimble – no matter what you do to hide the admin username, the really good hack teams are running scans to get the admin names by running url checks like “yourdotcom /?author=2
and scraping the details wp is providing both on page, and in meta fields.
Then adding those names to their pass cracking bot nets.
(look in your raw access logs, you will see it)
I’ve tried changing names on wp sites many times, the rssn hackers get getting the new names, you can tell if you check your fail log with “limit login attempts” plugin.
I’ve played with some code to change in wp themes to hide details there, but my php is slightly below beginner and my understanding of what the theme code is doing is same.
I tried a plugin from the wp-repo that is supposed to hide all that- but it’s not working.
(you could htaccess geo block ukrain and chna from your site completely and probably prevent 90% of these issues anyway from what I have seen by checking logs)
I found some htaccess someone posted that is supposed to suppress all requests for “/?auth [nc] or something like that – but since I do not understand what each part is doing, I have not deployed it.
I think it needs to be htaccess add and include anything with “author” and a number to work well (reg ex for numbers?)
Until I find a htaccess regex method I understand and trust, I have found that the best combo for prevention is:
Geo IP Block
(default settings are okay, I think it’s best to change the drop downs to block by country the plugins area, theme area, admin ajax, etc as well – options in settings
Also some blogs may want to uncheck the “comment post” block by country
If this geoip block plugin author had a donate link I’d already sent him some bucks, it’s the most useful plugin I’ve found since… “good question”
and succuri is an informative add on as well
(shows that some bots have figured out how to bypass the limit login attempts max tries setting)
The way WP is handling question marks in urls (string queries I think it’s called) and giving up 200 status codes and extra info (including author names) to bots is a big issue for me, this kind of relates to the unanswered support question I posted here:
- The topic ‘How to hide admin details from anyone visiting the site’ is closed to new replies.