
How to hide admin details from anyone visiting the site


  • Dangthrimble
    Participant

    @dangthrimble

    WordPress: 4.2.2–en_GB
    BuddyPress: 2.3.2.1

    Hi,

    I know there have been threads about this before, but I am new to BuddyPress, not confident with PHP and generally somewhat confused. I would like to be able to hide all the information about my site administrators from anyone other than other site administrators. The reason is that it is advised (e.g. http://wpsecure.net/secure-wordpress/) that you delete your original admin account and change the nickname so that details of the admin account cannot be scraped off the web site. However, BuddyPress makes both the username and the nickname visible.

    I’m surprised, after the number of times this has come up, that there isn’t an option to address this from the BuddyPress menus.

    Can you advise in simple terms how I can achieve this and, if I have to modify code, what I need to do to maintain it when I get subsequent updates to BuddyPress?

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)

  • shanebp
    Moderator

    @shanebp

    I would like to be able to hide all the information about my site administrators

    What do you mean by ‘hide’?
    Make them invisible?

    If you’ve changed the name of the admin’s account so it doesn’t say ‘admin’, then why do you need to hide it?
    How would a scraper know that it’s the admin’s account?


    modemlooper
    Moderator

    @modemlooper

    You’re worrying about nothing. As long as you have some security measures in place it doesn’t matter if someone knows a username of an admin. To feel safe, create an account you use for the front end and keep the admin account for only accessing the admin.

    Add a plugin like this one https://wordpress.org/plugins/sucuri-scanner

    Use strong passwords.


    Dangthrimble
    Participant

    @dangthrimble

    I have already created an admin account and one I use for the front end. I just don’t want the admin account showing up in the list of users with people sending it friend requests, etc. I’d like to keep it uncluttered so when I’m in that account I can just focus on admin work.


    shanebp
    Moderator

    @shanebp

    Google: buddypress hide admin from members list


    djsteveb
    Participant

    @djsteveb

    @dangthrimble – no matter what you do to hide the admin username, the really good hack teams are running scans to get the admin names by running url checks like “yourdotcom /?author=2”,
    “?author=3”

    and scraping the details wp is providing both on page, and in meta fields.
    Then adding those names to their pass cracking bot nets.
    (look in your raw access logs, you will see it)

    I’ve tried changing names on wp sites many times, the rssn hackers keep getting the new names, you can tell if you check your fail log with “limit login attempts” plugin.

    I’ve played with some code to change in wp themes to hide details there, but my php is slightly below beginner and my understanding of what the theme code is doing is same.

    I tried a plugin from the wp-repo that is supposed to hide all that- but it’s not working.

    (you could htaccess geo block ukrain and chna from your site completely and probably prevent 90% of these issues anyway from what I have seen by checking logs)

    I found some htaccess someone posted that is supposed to suppress all requests for “/?auth [nc] or something like that – but since I do not understand what each part is doing, I have not deployed it.

    I think it needs to be htaccess add and include anything with “author” and a number to work well (reg ex for numbers?)

    Until I find a htaccess regex method I understand and trust, I have found that the best combo for prevention is:

    Geo IP Block
    (https://wordpress.org/plugins/ip-geo-block/ )
    (default settings are okay, I think it’s best to change the drop downs to block by country the plugins area, theme area, admin ajax, etc as well – options in settings
    Also some blogs may want to uncheck the “comment post” block by country
    )

    If this geoip block plugin author had a donate link I’d already sent him some bucks, it’s the most useful plugin I’ve found since… “good question”

    and Sucuri is an informative add on as well
    (shows that some bots have figured out how to bypass the limit login attempts max tries setting)

    The way WP is handling question marks in urls (string queries I think it’s called) and giving up 200 status codes and extra info (including author names) to bots is a big issue for me, this kind of relates to the unanswered support question I posted here:
    https://wordpress.org/support/topic/question-mark-url-return-200-not-404-string-query-noindex-or?replies=1
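
Added example (not part of the post above and not code from any participant): a Python check for the `?author=N` probing the post says shows up in raw access logs. It assumes Apache/nginx combined log format; the sample lines, the documentation-range IP addresses and the `min_ids` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2015:04:11:01 +0000] "GET /?author=1 HTTP/1.1" 301 - "-" "constructed"
203.0.113.7 - - [10/Jun/2015:04:11:02 +0000] "GET /?author=2 HTTP/1.1" 301 - "-" "constructed"
203.0.113.7 - - [10/Jun/2015:04:11:02 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "constructed"
203.0.113.7 - - [10/Jun/2015:04:11:03 +0000] "GET /?p=12&author=4 HTTP/1.1" 200 9120 "-" "constructed"
198.51.100.20 - - [10/Jun/2015:09:30:15 +0000] "GET /?author=2 HTTP/1.1" 301 - "-" "constructed"
198.51.100.20 - - [10/Jun/2015:09:30:40 +0000] "GET /members/ HTTP/1.1" 200 7300 "-" "constructed"
192.0.2.9 - - [10/Jun/2015:11:02:00 +0000] "GET /?author=abc HTTP/1.1" 200 9120 "-" "constructed"
"""


def author_id(target):
    """Return the numeric ID requested via the author= query parameter, else None."""
    for value in parse_qs(urlsplit(target).query).get("author", []):
        if re.fullmatch(r"[0-9]+", value):
            return int(value)
    return None


def find_author_scans(lines, min_ids=3):
    """Report clients that requested at least min_ids distinct author IDs.
    'answered' holds IDs that got a 2xx/3xx reply, which may expose a username."""
    probed, answered = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        aid = author_id(m.group("target"))
        if aid is None:
            continue  # no numeric author= parameter
        probed[m.group("ip")].add(aid)
        if m.group("status")[0] in "23":
            answered[m.group("ip")].add(aid)
    return {ip: {"probed": sorted(ids), "answered": sorted(answered[ip])}
            for ip, ids in probed.items() if len(ids) >= min_ids}
```

Run it over a real log by passing the open file object as `lines`; a single visitor following one author link stays below the threshold and is not reported.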


    Dangthrimble
    Participant

    @dangthrimble

    @djsteveb – thanks for such an informed response. Have installed IP Geo Block.


    @modemlooper & @djsteveb – thanks for the advice about Sucuri Scanner. That’s next on my list.
