By default, WordPress allows users to log in using either an email address or username. The latest version of iThemes Security adds a new setting to allow you to restrict WordPress logins to only accept email addresses or usernames.

To take advantage of this update, you’ll need to update to iThemes Security Free (6.6.0) or iThemes Security Pro (v. 4.5.0). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 4.5.0 update available for licensed sites or as a manual download from the iThemes Member Panel. Save time & update iThemes Security on all your sites at once from the iThemes Sync dashboard.

New! Restrict WordPress Logins to Email Address or Username with the iThemes Security Plugin

The iThemes Security plugin adds a new setting in WordPress Tweaks with three options for restricting WordPress logins:

  • Email Address and Username (Default) – Allow users to log in using their user’s email address or username. This is the default WordPress behavior.
  • Email Address Only – Users can only log in using their user’s email address. This disables logging in using a username.
  • Username Only – Users can only log in using their user’s username. This disables logging in using an email address.

Once you’ve updated to iThemes Security 6.6 or iThemes Security Pro 4.5, you’ll find the new setting in WordPress Tweaks from the iThemes Security > Settings page in your WordPress dashboard. You’ll see the Login with Email Address or Username section at the bottom of the screen.

login with email address WordPress

You can then select from the drop-down your preferred setting: Email Address and Username (Default), Email Address Only or Username Only.

Click the Save Settings button to save your changes.

Depending on your selection, the WordPress login screen will then reflect your chosen setting.

wordpress login

Note: It’s a good idea to alert other frequent users of your website such as other admins and editors about any login requirement changes.

Add WordPress Two-Factor Authentication for Extra WordPress Login Protection pro

As an added layer of security, we highly recommend enabling WordPress two-factor authentication to further protect your WordPress logins.

Two-Factor Authentication greatly increases the strength of a user account by requiring a secondary code in addition to a username and password when logging in.

The iThemes Security Pro plugin offers WordPress two-factor authentication using a variety of methods (mobile app, email, and backup codes).

wordpress two-factor authentication

You can read more about how to add user-level two-factor authentication to WordPress using the iThemes Security plugin here.


Get iThemes Security Pro with 30+ Ways to Secure Your WordPress Website

Secure your WordPress website today with iThemes Security Pro, the most trusted WordPress security plugin. Get WordPress two-factor authentication, WordPress brute force protection, WordPress malware scan plus 30+ more ways to secure and protect WordPress.

Get iThemes Security Pro now

The post New! Restrict WordPress Login to Email Address or Username Only with iThemes Security appeared first on iThemes.

Powered by WPeMatico