How To Force User To Login Into WordPress With Username

WordPress Techhyme

In the dynamic and often unpredictable world of online security, every precaution taken is a step towards safeguarding your digital presence. One commonly overlooked aspect of website security is the use of email addresses as login credentials. Many users have a tendency to sign up for various services using the same email address, potentially making them vulnerable to targeted attacks.

In this guide, we’ll explore a simple yet effective code snippet that forces users to log in using their usernames instead of email addresses, bolstering the security of your WordPress site.

While using email addresses for logins is convenient, it can also introduce a security risk. If users consistently use the same email address across multiple platforms, attackers who gain access to this information may attempt unauthorized logins. To counter this, it’s beneficial to force users to log in with usernames, adding an extra layer of security to your WordPress site.

To implement this security measure, you can use a concise code snippet. Open your theme’s functions.php file, usually located in the “wp-content/themes/your-theme/” directory, and add the following line:

remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );

This code snippet removes the filter that allows users to authenticate using email addresses and passwords, effectively requiring them to use usernames for login.

Implementation Steps

Follow these steps to implement the code snippet:

1. Access Your Theme’s Functions.php File: Connect to your WordPress site using FTP or a file manager provided by your hosting provider. Navigate to the theme folder (usually found in “wp-content/themes/your-theme/“) and locate the functions.php file.

2. Insert the Code Snippet: Open the functions.php file using a text editor, add the provided code snippet at the end of the file, and save the changes.

3. Verify the Results: Test the login functionality on your WordPress site to ensure that users are now required to log in using their usernames.

Why Force Username-Only Logins?

Enforcing username-only logins offers several security advantages:

  • Reduced Attack Surface: By eliminating email addresses as login credentials, you minimize the potential attack surface, making it more challenging for attackers to gain unauthorized access.
  • Enhanced Security: Requiring usernames enhances security by diversifying login credentials and mitigating the risks associated with email-centric logins.
  • Practical Security Improvement: While usernames can also be targets, this tweak provides a practical improvement in security without compromising user experience.


In the ever-evolving landscape of cybersecurity, adapting and implementing proactive measures is essential. Forcing users to log in with their usernames, rather than email addresses, is a small yet impactful step towards enhancing the security of your WordPress site.

By incorporating this code snippet, you contribute to a more robust defense against potential attacks, providing users with a safer and more secure online experience.

You may also like:

Related Posts

Leave a Reply