Username Security


On this help page, there is a part about the the Full Name field, how using the domain name for this field would “disclose too much personal information”.

Would it be a similar security risk to use the domain name for the actual Username?

What about if the MySQL DB Username matched either the domain name or website Username?

Should I try to keep all of these fields unique: Domain name, website Username/Full Name, MySQL Username?


Yes, this is a security risk, in the same way that using your birthday as a PIN on your debit card is a security risk.

Hackers are always going to try to use the most obvious choices to hack into your account. Don’t make it easy for them.

I run a lot of WordPress sites, and I regularly get people trying to login with “admin”, “admin1”, “mydomain_admin”, “myusername”, etc. Why do people do this? Because a lot of times it works.


My passwords are good but didn’t realise usernames should also be scrambled. I do have a couple issues, then, where the SFTP username matches the MySQL username.

Thank you for your input!