Do you want to remove the option to log in with an email address on your WordPress website? Email addresses are widely used as a sign-in requirement on many websites, but the more people who know your email, the less secure that login becomes. A popular alternative is to have visitors create a username to log in instead.
A username can be different on every website that lets you create one. This can help you guard against brute force attacks on your website. WordPress security should be one of the biggest concerns of any web developer. Today, I will demonstrate how to remove email address login in WordPress by using the No Login by Email Address plugin.
Pros of Removing Email Address Logins
Anybody who knows your email can attempt a brute force attack. Think about it: it only takes an email and a password to log in to most websites. If you have one of those two pieces of information, guessing the other is trivial with software. Emails are not just used for one account either. Take a minute and think about how many accounts need your email address to log in. It’s probably a lot.
This means that anyone who knows your email could attempt to log in as you. Of course, most major websites have excellent security to guard against these types of cyber attacks, but that’s not always the case for smaller and newer websites.
Cons of Removing Email Address Logins
In a perfect world, every visitor will create a unique login for every website, but that is simply not the case. In fact, most people prefer to use the same login information for multiple websites. Don’t do this! It can create a domino effect for accounts to be breached. Just because you take out the email address does not mean visitors will use a unique username.
It is more than likely that they will use the same username for every website and that will have the same result as using your email to log in. Forcing users to stop using their email address to log in will rarely solve the core problem, but it can be worth trying.
How to Remove Email Address Login in WordPress
Today, I will demonstrate how to remove email address login in WordPress by using the No Login by Email Address plugin. This plugin will immediately remove the option to log in with an email address on WordPress. Users will only be able to log in with their usernames after the plugin is activated. Keep in mind that you can deactivate the plugin at any time if you would like to use email addresses to log in again.
Installing and Using the No Login by Email Address Plugin
Let’s begin by clicking on Plugins and selecting the Add New option on the left-hand admin panel.
Search for No Login by Email Address in the available search box. This will pull up additional plugins that you may find helpful.
Scroll down until you find the No Login by Email Address plugin, click on the “Install Now” button, and activate the plugin for use.
This plugin works after activation. Unlike other plugins, there are no settings to change on this plugin. You can now view the changes on your website.
Before the plugin was installed, you would see this:
After the plugin was activated, you will see this:
Congratulations, you have successfully eliminated email address logins on your WordPress website. You can deactivate the plugin at any time to restore email address logins. Keep in mind that you should notify all of your visitors about these changes to prevent confusion. You should expect a lot of login difficulties during this transition.
Alternative Method Without a Plugin
Many websites like to avoid using plugins whenever possible. They can slow down your website, which hurts your website’s SEO. It is possible to remove email address logins without a plugin, but the result is far more confusing for visitors. You can add a few lines of code and display an error message when a visitor uses an email to log in. Unlike the previous method, this will not remove the “Username or Email Address” label from the login form, which will lead to confusion.
Let’s start by logging into the cPanel and clicking on the File Manager option. The File Manager will allow you to access all of the files related to your website.
You need to locate your theme’s functions.php file. Click on the public_html directory, then click on the wp-content folder. Inside of this folder, you will find all of the content related to your website. Click on the themes folder and enter the folder of the theme you are currently using. Finally, right-click on the functions.php file and select the Edit option.
A pop-up window will show up. This box will warn you to create a backup of your files before editing anything. This will ensure that you can revert your website back to when it was working if something goes wrong. Click on the “Edit” button. A new tab will open containing all of the code from the file.
Copy and paste the following line of code into your functions.php file:
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
Once you have inserted the code into the functions.php file, click on the “Save Changes” button to finish.
Now if a visitor tries to log in using an email address, they will see an “Invalid Username” error. I do not recommend using this method because it can be very confusing to visitors, but it is your choice.
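The confusion described above can be reduced with a few more lines in the same functions.php file. The following is an added example, not code from the plugin or from WordPress itself; the example_ function names and the error code email_login_disabled are hypothetical, while the hooks and helper functions are WordPress core ones. It removes the email check, relabels the login field, and replaces the “Invalid Username” error with a clearer message:

```php
// Added example for a theme's functions.php (which already opens with <?php).

// 1. Stop WordPress from matching the submitted login against user emails.
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

// 2. Relabel the field on the login screen only. The lost-password screen
//    keeps its label, because password resets still accept an email address.
add_filter( 'gettext', 'example_relabel_login_field', 10, 3 );
function example_relabel_login_field( $translation, $text, $domain ) {
    $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
    if ( 'default' === $domain
        && 'Username or Email Address' === $text
        && isset( $GLOBALS['pagenow'] )
        && 'wp-login.php' === $GLOBALS['pagenow']
        && 'login' === $action
    ) {
        return __( 'Username' );
    }
    return $translation;
}

// 3. Runs after the username check (priority 20). If that check failed and
//    the input looks like an email address, explain why instead of showing
//    "Invalid Username".
add_filter( 'authenticate', 'example_explain_email_login_disabled', 30, 3 );
function example_explain_email_login_disabled( $user, $username, $password ) {
    // A username may itself contain "@"; a successful login passes through.
    if ( $user instanceof WP_User ) {
        return $user;
    }
    if ( is_wp_error( $user )
        && 'invalid_username' === $user->get_error_code()
        && is_email( $username )
    ) {
        return new WP_Error(
            'email_login_disabled',
            __( 'Logging in with an email address is disabled on this site. Please use your username.' )
        );
    }
    return $user;
}
```

The message is the same for every email-shaped input that is not an existing username, so it does not tell a visitor whether an address is registered. Because WordPress allows “@” in usernames, an account whose username is its email address can still log in with it.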
Take Security Seriously
Security should be your website’s biggest concern, and there are many important things to do to keep it safe. The default WordPress platform has no security flaws, but that doesn’t mean hackers do not find a way. In fact, because WordPress is the world’s most popular website platform, it is always under attack. That is why it is crucial to always keep your website up to date with the latest WordPress version.
Do you think that your website is safer using only username login? Do your visitors have any login issues?