Disable Login With Email Address Feature In WordPress For More Security
March 30th, 2017 | by Ravi Chahar || 7 Comments |
WordPress security has always been a concern to its users which makes sense because millions of websites get hacked every year.
It’s always recommended to take every step possible to harden the security layer. Have you ever thought to disable login with email address in WordPress?
You may have noticed that you can log in with the username and an email address attached to that account. This can be a vulnerability to your WordPress website.
Why should you turn off login with an email address?
In 2015, many Gmail accounts were hacked which was a time when everyone had the trust issues with Google’s security.
This can happen with you too. Any hacker can log in to your WordPress website using your email address by guessing the password or directly hacking the email address.
Though it can be hardened by removing the password lost link from the login panel but still, you should disable login with email address in WordPress for more security.
What’s the need to use an email address if you have the username to log in? If you have a unique username with the strongest password then you don’t need to worry about anything.
You can also change login error message.
Use a plugin to disable email address login feature.
For beginners, the use of a plugin is the best yet safe method. WordPress repository contains thousands of plugins which can drive you to the safest mode.
You to install and activate No Login by Email Address plugin and you’re done.
Yes, there is no extra configuration required. The best thing about this plugin is that you don’t need to do any kind of settings.
Many plugins can brainstorm you with the numerous of setting options but not with this one.
After activation, whenever someone tries to login using an email address, it will show an Invalid username error message.
Isn’t that majestic? Well, it is. The easiest method from all. But if don’t want to add one more plugin to the list then you have to use the manual method.
Disable login with email address feature in WordPress manually.
As you all know functions.php file is the all in one to handle the functions of your WordPress website. It’s the file you would need to add one line code.
You can edit it either from the WordPress admin panel or from the cPanel.
From admin panel, go to Appearance>>Editor>>functions.php file. And if you have access to the cPanel then login to your account and navigate to file manager>>wp-content>>themes>>theme name>>functions.php file.
The choice is yours.
Add this line at the bottom of the file and save it. You have successfully disabled the email address login feature.
To make this code work, you should know the right way to add custom code in WordPress. Many people add the code in the different place which costs them.
If you choose the manual method, you should know about the WordPress codes. You shouldn’t take any risk if not having proper coding knowledge.
Though it requires you to copy and paste this code in the file but still it’s always good to take safe steps. You should also know about the WordPress security tips.
I hope this article has helped you achieve your goal. If you face any problem, feel free to drop a message.
You can also connect with us on Twitter, LinkedIn, and Facebook.
Related Posts
7 comments
Leave a Reply
Hey Ravi! It’s funny you mention this. I recently worked with a few clients who had their websites migrated by the host. The login to their WordPress admin panel was their email address. I had a hard time explaining to my client why it was essential to use a strong username instead of email. I was surprised by the host to do that.
This is an awesome tutorial and very important to know. You know I’m passing this along.
Hope you’re having a great week!
B
Hi Bren,
Most of the WordPress users are keeping their email address in the login credentials which can be a vulnerability. They should understand the sensitive topic of security.
I hope you made your clients realize about it.
Thanks for sharing your experience.
~Ravi
Hi Ravi
After growing our blog we communicate through our email account with a lot of people so it gets public.
So those with some malicious intentions would obviously try logging in with the same email.
The way you explained how to disable login option with an email is so easy to understand and one with no coding knowledge can also do it quite easily. As you said taking a backup before doing any kind of change is must to be on safe side.
Thanks for sharing such timely post.
Hey Muba,
You’re totally right. When you start blogging and connecting with people, your email becomes public and it can be a dangerous thing for your blog. To secure your login panel, you should disable this feature.
Just a simple code and you’re all set. For non-techie people, the plugin would do the work.
Thanks for sharing your insight.
~Ravi
This article is awesome especially if you are aware of the facts that it can be a way in getting a hacker access one’s site.
By using this technique, you are at least 50% getting away from possible attacks.
Thanks Rav.
Hey Rodney,
Most of the people don’t really think about such security issues which lead them website to get hacked. Disabling email login can help you add an extra security layer to the login panel.
Thanks for stopping by.
~Ravi
Yes. Exactly!
Actually, there’s a lot of ways site owners can implement on their websites to keep it secure from vulnerabilities. This is just one of the many ways.
And I am glad you’re also sharing this to others.
Thanks a lot, Ravi ?