How to easily disable WordPress login with e-mail address

Administration of WordPress allows login by default using username and password. As login, you can choose either an email address or the administrator’s username. From a security perspective, can an email address pose a security risk? Why? The overwhelming majority of website owners have their email addresses in contacts directly on the website. And in the overwhelming majority of cases, this email address also serves as the login to WordPress. For a potential attacker, this makes it one of the known access credentials. Just guessing the password is enough. Fortunately, it is possible to disable the use of the email address to log in to the system. In this guide, I would like to show you the simplest way to disable logging in to WordPress using an email address, using a short snippet and the WP Code plugin.

Installing the WP Code Plugin

To insert codes into your website, you can choose between two options. You insert the code directly into the file where it belongs, or you use a plugin that will insert parts of the code into the website during runtime. The second option is better for one simple reason. It is safer and your code won’t be erased with each update that overwrites the file with your code.

Follow these steps to install the WP Code plugin:

  • Click on “Plugins” in the left menu
  • In the submenu, select “Add New
  • In the upper right corner, notice the search field
  • Type in the keyword WP Code
  • Once WordPress finds the plugin, install and activate it.

If you are interested in a complete article where I describe working with this plugin, take a look here: How to Insert Custom Codes into WordPress.

plguin wp code

How to Disable WordPress Login via Email Address

You already have the WP Code plugin installed, which added the “Code Snippets” item to your left menu. Click on it and choose “+ Add Snippet” from the menu. On the next screen, click on “Add Your Custom Code (New Snippet)“. First, enter a custom name for your snippet and then select the code language. The snippet is written in PHP.

Jak zakázat přihlášení do WordPressu pomocí e-mailové adresy

Insert the following piece of PHP code into the code editor:

					remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

Once you do that, save the snippet and don’t forget to activate it as well.

Jak zakázat přihlášení do WordPressu pomocí e-mailové adresy

Securing WordPress Login Conclusion

The snippet is active and you can now test it by logging out of the system and trying to log in again using an email address and password. As long as the snippet is active, WordPress will not allow you to log in using an email address and will always enforce the use of the administrator’s username. The administrator’s username can be anything you choose during WordPress installation. Therefore, if you did not choose the common username “admin,” a potential attacker still needs to guess both the password and the login to successfully access the system.

The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.

Byl pro Vás tento článek užitečný?

Klikni na počet hvězd pro hlasování.

Průměrné hodnocení. 0 / 5. Počet hlasování: 0

Zatím nehodnoceno! Buďte první

Jak užitečný vidíte tento článek.

Sledujte mě na sociálních médiích.

Je mi líto, že pro Vás nebyl článek užitečný.

Jak mohu vylepšit článek?

Řekněte mi, jak jej mohu zlepšit.


Subscribe to the Newsletter

Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.

Upozornit na
0 Komentáře/ů
Vložené zpětné vazby.
Zobrazit všechny komentáře.

Pokud mi chcete napsat rychlou zprávu, využije, prosím, níže uvedený
kontaktní formulář. Děkuji.

Další Kontaktní údaje