By default, WordPress allows users to log in using either an email address or username. The latest version of iThemes Security adds a new setting to allow you to restrict WordPress logins to only accept email addresses or usernames.
New! Restrict WordPress Logins to Email Address or Username with the iThemes Security Plugin
The iThemes Security plugin adds a new setting in WordPress Tweaks with three options for restricting WordPress logins:
- Email Address and Username (Default) – Allow users to log in using their user’s email address or username. This is the default WordPress behavior.
- Email Address Only – Users can only log in using their user’s email address. This disables logging in using a username.
- Username Only – Users can only log in using their user’s username. This disables logging in using an email address.
Once you’ve updated to iThemes Security 6.6 or iThemes Security Pro 4.5, you’ll find the new setting in WordPress Tweaks from the iThemes Security > Settings page in your WordPress dashboard. You’ll see the Login with Email Address or Username section at the bottom of the screen.
You can then select from the drop-down your preferred setting: Email Address and Username (Default), Email Address Only or Username Only.
Click the Save Settings button to save your changes.
Depending on your selection, the WordPress login screen will then reflect your chosen setting.
Add WordPress Two-Factor Authentication for Extra WordPress Login Protection pro
As an added layer of security, we highly recommend enabling WordPress two-factor authentication to further protect your WordPress logins.
Two-Factor Authentication greatly increases the strength of a user account by requiring a secondary code in addition to a username and password when logging in.
The iThemes Security Pro plugin offers WordPress two-factor authentication using a variety of methods (mobile app, email, and backup codes).
You can read more about how to add user-level two-factor authentication to WordPress using the iThemes Security plugin here.
Get iThemes Security Pro with 30+ Ways to Secure Your WordPress Website
Secure your WordPress website today with iThemes Security Pro, the most trusted WordPress security plugin. Get WordPress two-factor authentication, WordPress brute force protection, WordPress malware scan plus 30+ more ways to secure and protect WordPress.
Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.