Username Security


On this help page, there is a part about the the Full Name field, how using the domain name for this field would “disclose too much personal information”.

Would it be a similar security risk to use the domain name for the actual Username?

What about if the MySQL DB Username matched either the domain name or website Username?

Should I try to keep all of these fields unique: Domain name, website Username/Full Name, MySQL Username?


Yes, this is a security risk, in the same way that using your birthday as a PIN on your debit card is a security risk.

Hackers are always going to try to use the most obvious choices to hack into your account. Don’t make it easy for them.

I run a lot of WordPress sites, and I regularly get people trying to login with “admin”, “admin1”, “mydomain_admin”, “myusername”, etc. Why do people do this? Because a lot of times it works.


My passwords are good but didn’t realise usernames should also be scrambled. I do have a couple issues, then, where the SFTP username matches the MySQL username.

Thank you for your input!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.