WordPress security enhancement plugin All in one WP Security ~ User account settings

A must-read for those who are concerned about the security of their WordPress site
We explain how to enhance security with the free All in one WP Security plugin.

This time, we will explain User Security > user account settings.

For more information, please see the All in one WP Security explanation table of contents!

What is All in one Security user account setting?

In WordPress, your username and user ID may be displayed as part of the URL.
In particular, if your username is displayed on the site, it is extremely dangerous because you can then log in with your password.

You will be notified as to whether any settings are required, so check your user account settings.

• WP Security
• User Security
• User account

Is admin used as the user name?

All in one WP security will notify you if your username is admin and prompt you to change it.
Generally, the login information is username:admin password:password, so it is better to avoid using an obvious username.

Since the username cannot be changed, you will need to re-register your user account.

User ID and display name match

All in one WP Security's user accounts will notify you if your username and display name do not match.
If they match, it's likely that your user ID is being displayed on the site and you need to take immediate action.

If a notification is displayed, go to the edit screen for the relevant user from the "User List"

As an example of changing the display name, we will add a nickname and change the display name to the nickname.
This allows you to change your login information, user ID, and the display name used on the site.

User number disabled

WordPress has a mechanism that allows you to obtain user information by entering "/?author=1" or "/wp-json/wp/v2/users" after the site domain.

This function is OFF by default, so please change it to ON.