Are you looking to remove the email address login in WordPress?
It is a small tweak but could do wonders if your website has recently become a target of brute force attack. And if you are on WordPress, you must take any opportunity to tighten the login security.
In this quick tutorial, we will remove the email address login in WordPress.
Why remove email address login in WordPress?
Once a person knows your email address, they can make a brute-force attack on your website after watching a Youtube video. In Brute Force Attack, hackers try different login password credentials to get into the website. If your email address is known, they will only need to try different passwords with the email address to log in to your website.
And finding the email address is not that difficult, as you might be using it for communication and creating an account on various platforms. Besides, platforms and ecommerce stores are not that secure. If the data is leaked, your email address will be public and could be used to brute force your account.
The majority of ecommerce websites and platforms use excellent security. But for extra security, you can remove the email address login in WordPress.
How to remove email address login in WordPress?
We will be removing email address login in WordPress using a No Login by Email Address plugin. This lightweight plugin ensures that users only use the username to log in to the WordPress dashboard.Â
Follow our step-by-step guide to install the WordPress plugin.
Step 1: First, click on the Plugin from the left-hand admin panel and click on Add New option.
Step 2: Search for the No Login by Email Address plugin in the repository. The search will pull up all the plugins that do this task.
Step 3: Look for the No Login by Email Address by Michael Atkins. Click on the Install Now button.
Step 4: Once installed, you can Activate the plugin.
Step 5: After the plugin is activated, it will remove the ability to use the email address in the login form.
As you can see, there is only a username in the login form. It used to look like the below screenshot.
That’s it. You have successfully removed the email address logins on the WordPress website.
If you wish to change it, deactivate or uninstall the plugin. However, you should notify the website visitors that you have removed the login by email option to reduce the confusion. Else, people will ring your support when they fail to log in.
Final Words
WordPress website security should be a major concern. After WordPress speed, security is what people notice about your website. While quality WordPress hosting takes care of many security concerns, you can secure the login by:
- Using strong passwords
- Restricting usernames in sign up
- Disabling remember me from the login
- Automatically logging out the idle users
- Password protecting the wp-admin directory
- Limiting incorrect login attempts in WordPress
and much more.
In this quick tutorial, we learn to remove email addresses from the login page. If you encounter any error, feel free to comment on it down.