When hackers discover your username, they have half the equation for logging in.
METHOD 1 - add to bottom of .htaccess, redirects www.domain.com/?author=1 queries back to homepage RewriteEngine On RewriteCond %{REQUEST_URI} !^/wp-admin [NC] RewriteCond %{QUERY_STRING} author=\d RewriteRule ^ /? [L,R=301]
METHOD 2 - added to functions.php, does the same thing as above htaccess function redirect_to_home_if_author_parameter() { $is_author_set = get_query_var( 'author', '' ); if ( $is_author_set != '' && !is_admin()) { wp_redirect( home_url(), 301 ); exit; } } add_action( 'template_redirect', 'redirect_to_home_if_author_parameter' );
Reference Links
https://www.wp-tweaks.com/hackers-can-find-your-wordpress-username/