Hronak's Blog

A blog about security & optimizing stuffs by Hronak Nahar

Change Author ID in WordPress

WordPress sets a unique ID for every user account you create. While this isn’t a security flaw, but changing it can prevent script kiddies from messing up with password reset functionality.

What is WordPress Author ID?

Every WordPress user is assigned a unique ID known as “Author ID”. This starts from the number “1” and keeps incrementing as more users are added. This is internally used by WordPress to identify author of the content. By default this can be viewed by anyone using the following URL format.

If such ID exists, WordPress redirects to the author page revealing the username either through a 301 redirect with Location HTTP Header or with the author name in the title of the forwarded page. While revealing username isn’t considered a security, it’s better to set author ID to some really long random number.

Changing Author ID

As of now, WordPress doesn’t have any setting to directly change author ID but it is possible to change the entries in the underlying database.

First Backup

Make sure you backup database. To backup, run this command in your terminal.

mysqldump -u Username -p DatabaseName > DatabaseBackup.sql

Login to MySQL Server

Login to your MySQL server using this command.

mysql -u Username -p DatabaseName

Get Current Author ID

Type the following command in your MySQL Console to list all the available author ID.

SELECT ID, display_name FROM wp_users;

Note: Replace ‘wp_’ in the following command with your own table_prefix value in wp-config.php file.

Sample Output

| ID | display_name |
|  1 | admin        |
|  2 | another_user |
2 rows in set (0.0005 sec)

Now read carefully. In the sample output above we’re going to replace the author ID for the user ‘admin’. As of now, the author ID for ‘admin’ is ‘1’ and we’re going to replace it with, say for example ‘3141592653’.

Update Author ID

To do so, execute the following SQL commands one by one. Again, replace ‘wp_’ in the following commands with your own table_prefix value, which can be found in your wp-config.php file.

UPDATE wp_posts SET post_author='3141592653' WHERE post_author='1';
UPDATE wp_usermeta SET user_id='3141592653' WHERE user_id='1';
UPDATE wp_users SET ID='3141592653' WHERE ID='1';

And by now, the ID of ‘admin’ should be updated with ‘3141592653’. And please note that this will just make it harder for hackers to get your username and nothing else.