If you allow users to register for your site, then you may eventually get a few troublemakers that want to stir things up by using offensive usernames or wreak havoc by pretending to be part of site’s staff (going by the username Admin or Help or Support, etc.).
The first step you can take to stop this type of thing is to download and activate a plugin called Restrict Usernames.
This plugin will allow you to restrict certain names from being registered (such as “admin”) or even names that contain a restricted username (such as “joeadmin” or “Head Admin” etc.). Of course you can also prohibit obscene words. (I’d give you some examples of those too, but I’m afraid I don’t know any.)
Here’s an example. I restricted the username “admin” so that it couldn’t be used as even part of username. And this is what someone trying to register a name with “admin” in it sees.
Here’s a list of some ideas from the plugin’s author for what you might want to prevent or require in a username:
- Prevent usernames that contain foul, offensive, or otherwise undesired words
- Prevent squatting on usernames that you may want to use in the future (but don’t want to actually create the account for just yet) (essentially placing a hold on the username)
- Prevent official-sounding usernames from being used (i.e. help, support, pr, info, sales)
- Prevent official username syntax from being used (i.e. if all of your administrators use a prefix to identify themselves, you don’t want a visitor to use that prefix)
- Prevent spaces from being used in a username (which WordPress allows by default)
- Require that a username begin, end, or contain one of a set of substrings (i.e. “support_”, “admin_”)
The Restrict Usernames plugin above does its job, but there’s still one problem. Users can register with an innocuous username, and then they can change their nickname to anything they like on their profile page. It’s their nickname that’s seen on the public front end of the site, so in a way, that’s even more important than the username.
I couldn’t find a plugin to take care of this problem, but I did finally find a snippet of code you can put into your functions file. (Note: this snippet is adjusted slightly from the original source. Thanks to WPMU DEV developer Ve Bailovity.)
Place the following code in your function.php file. (Appearance > Editor > Theme Functions – functions.php)
Once you do this, you’ll notice the nickname section disappears from the Profile page. The Administrator will still be able to see and edit nicknames, however.
(Note: If you’d like to turn this bit of code into your own personal plugin, you can learn how to do that here.)
Protect the Integrity of Your Site
Taking these two steps above (installing the plugin and including the code snippet) can help protect your site’s integrity. Bots are trouble enough, but a human troublemaker can be creative and hard to stop.
Photo: Business Concepts: Hello, My Name Is from BigStock