How to Restrict Usernames and Disable Nicknames in WordPress


If you allow users to register for your site, then you may eventually get a few troublemakers that want to stir things up by using offensive usernames or wreak havoc by pretending to be part of site’s staff (going by the username Admin or Help or Support, etc.).

 

Restrict Usernames

The first step you can take to stop this type of thing is to download and activate a plugin called Restrict Usernames.

This plugin will allow you to restrict certain names from being registered (such as “admin”) or even names that contain a restricted username (such as “joeadmin” or “Head Admin” etc.). Of course you can also prohibit obscene words. (I’d give you some examples of those too, but I’m afraid I don’t know any.)

Here’s an example. I restricted the username “admin” so that it couldn’t be used as even part of username. And this is what someone trying to register a name with “admin” in it sees.

 

Here’s a list of some ideas from the plugin’s author for what you might want to prevent or require in a username:

  • Prevent usernames that contain foul, offensive, or otherwise undesired words
  • Prevent squatting on usernames that you may want to use in the future (but don’t want to actually create the account for just yet) (essentially placing a hold on the username)
  • Prevent official-sounding usernames from being used (i.e. help, support, pr, info, sales)
  • Prevent official username syntax from being used (i.e. if all of your administrators use a prefix to identify themselves, you don’t want a visitor to use that prefix)
  • Prevent spaces from being used in a username (which WordPress allows by default)
  • Require that a username begin, end, or contain one of a set of substrings (i.e. “support_”, “admin_”)

 

Featured Plugin - WordPress Google Maps Plugin

Simply insert google maps into posts, sidebars and pages - show directions, streetview, provide image overlays and do it all from a simple button and comprehensive widget.
Find out more

 

Disable Nicknames

The Restrict Usernames plugin above does its job, but there’s still one problem. Users can register with an innocuous username, and then they can change their nickname to anything they like on their profile page. It’s their nickname that’s seen on the public front end of the site, so in a way, that’s even more important than the username.

I couldn’t find a plugin to take care of this problem, but I did finally find a snippet of code you can put into your functions file. (Note: this snippet is adjusted slightly from the original source. Thanks to WPMU DEV developer Ve Bailovity.)

Place the following code in your function.php file. (Appearance > Editor > Theme Functions – functions.php)

 

// remove nickname
function prefix_hide_personal_options() {
        if (current_user_can('manage_options')) return false;
?>
<script type="text/javascript">
  jQuery(document).ready(function( $ ){
    $("#nickname,#display_name").parent().parent().remove();
  });
</script>
<?php
}
if (is_admin()) add_action('personal_options', 'prefix_hide_personal_options');

 

Once you do this, you’ll notice the nickname section disappears from the Profile page. The Administrator will still be able to see and edit nicknames, however.

(Note: If you’d like to turn this bit of code into your own personal plugin, you can learn how to do that here.)

Protect the Integrity of Your Site

Taking these two steps above (installing the plugin and including the code snippet) can help protect your site’s integrity. Bots are trouble enough, but a human troublemaker can be creative and hard to stop.

Featured Plugin - WordPress Membership Site Plugin

If you're thinking about starting a paid, or just private, membership site then this is truly the plugin you've been looking for. Easy to use, massively configurable and ready to go out of the box!
Find out more

Photo: Business Concepts: Hello, My Name Is from BigStock

Tags

Comments (2)

  1. The code snippet to prevent the nickname would only work if the user has javascript enabled. While much of WP requires javascript, it’s not required on the registration page nor on the settings page back-end. As most spam signups are automated, this would only really affect “real” people (not that they have any more business of using misleading nicknames).

    It would probably be a better solution to use this code but also add a filter for the nickname assignment (a set_option filter) to change it to empty each time. This should work:

    `# vaporcode that should remove the nickname whenever it’s saved
    function mynickfix( $nick ){
    return ”;
    }
    add_filter( ‘pre_update_option_user_nickname’, ‘mynickfix’, 1)`

    • @Shawn : nickname and other user’s data are no options but user’s data, so you can not user the ‘pre_update_option_$option’ hook here. (btw ‘user_nickname’ doesn’t exists, this is ‘display_name’, weird i know ;) )
      Here comes the solution :
      function baw_no_nickname_change( $dummy1, $dummy2, $user )
      {
      if( !is_admin() && !current_user_can(‘administrator’) ) {
      unset( $user->display_name );
      unset( $user->nickname );
      }
      }
      add_action( ‘user_profile_update_errors’, ‘baw_no_nickname_change’, 10, 3 );

      Have a nice day !

Participate