We originally published this piece in 2015. We’ve updated it with additional WordPress security advice in 2019.
Our Google Apps Login Premium and Enterprise plugins allow all users with an email address in an organization’s Google Apps domain to log in to the WordPress site with one click. If the user doesn’t have an account in WordPress already, one is automatically created based on their Google profile information — taking their first name and last name, for example. The plugin needs to generate a unique WordPress username, so the simplest thing is for the plugin to use the email address as the username directly. This ensures it is unique — but an email address can be long and cumbersome as a username when used throughout the site.
Wouldn’t it be great if you could impose a way to generate shorter usernames for your WordPress website that you know are unique? Our extensible platform means that you can!
If you or your developer adds the following to your Theme’s functions.php or to another point in your site, any new auto-created usernames should take the shorter form — e.g., john.smith instead of [email protected].
If you’re not comfortable extending your site with the code below, you can try activating a version of this code that is self-contained in plugin form — download our ZIP file, then Add New / Upload from your Plugins page.
function my_gal_sanitize_username($username, $userinfo) {
$parts = explode("@", $username);
if (count($parts) == 2) {
$username = $parts[0];
}
return $username;
}
add_filter('gal_sanitize_username', 'my_gal_sanitize_username', 10, 2);
The code or plugin should work with the latest versions of Google Apps Login Premium or Enterprise (2.8.6 or higher). Please get in touch with any questions or feedback!
If you want to take your WordPress security a step further, read on for ways to generate hard-to-guess usernames.
Solve Critical WordPress Security Issues
Photo by Philipp Katzenberger on Unsplash
You may already be familiar with the fact that our Google Apps Login plugin automatically increases your security. It adds an extra layer of protection to your login process via Google’s recommended OAuth2. You even have the option to enable multifactor authentication, ensuring that only authorized employees can gain access.
In addition, Google Apps Login helps ensure that employees who leave your organization or shift roles no longer have the same access — particularly to sensitive sites.
All of this can help seal your site against regular brute force attacks and cross-site scripting (XSS) attacks. If you have ongoing security vulnerabilities, these simple fixes can help seal your team against cyber crime.
You can take this protection a few steps further and improve the security of your WordPress usernames by
- avoiding usernames that directly relate to your WordPress site;
- creating usernames that are difficult to guess. (If you need help, you can use a username generator, such as LastPass or Jimpix; and
- adding WordPress plugins to mitigate hacking, including Wordfence and BulletProof Security.
It’s essential to consistently maintain a high level of security on your WordPress site. With WordPress attacks on the rise you want to be sure you know exactly who your users are — and what documents they’re working on at any time. Creating unique usernames and strong passwords are key steps in the process. From there, you can build on your security with more advanced username designs and additional functions for your site.
