php - Changing user_nicename

user_nicename has the same value with user_login. I want to change user_nicename value only by using code snippet into functions.php or wp-config.php. Is it possible without using phpmyadmin or any plugin?

user_nicename has the same value with user_login. I want to change user_nicename value only by using code snippet into functions.php or wp-config.php. Is it possible without using phpmyadmin or any plugin?

• php
• database
• users
• login
• mysql

Share Improve this question edited Dec 13, 2018 at 2:53 Tom J Nowell♦ 61.2k77 gold badges7979 silver badges150150 bronze badges asked Dec 13, 2018 at 1:22 Serdar KoçakSerdar Koçak 5222 silver badges77 bronze badges 7

• 1 Note that user_nicename and user_login are separate for a reason, and they aren't the same. user_nicename is the URL sanitized version of user_login, changing it to something else might break things in unexpected ways. Perhaps you actually wanted to change display_name? – Tom J Nowell ♦ Commented Dec 13, 2018 at 2:53
• Hi @TomJNowell , I wanted to change user_nicename only because if I didn't change it, hackers can detect it easy via url and attack to my blog. (brute force). The blog is more secure now. – Serdar Koçak Commented Dec 13, 2018 at 13:09
• usernames and IDs aren't secret, they can be fetched via the REST API, XML RPC, even the CSS classes and URLs in a webpage. Doing this does nothing to improve your security, and if your sites security depends on these things being secret then you have major problems – Tom J Nowell ♦ Commented Dec 13, 2018 at 16:32
• @TomJNowell Could you please clarify what kind of problems do you mean? I didn't change user_login table. I changed user_nicename only. Also I blocked XML-RPC and REST API requests. There is no css class about user_login. My blog is minimal. user_nicename is used to create author permalink only. Hackers can discover username by author query. So I changed it only. – Serdar Koçak Commented Dec 14, 2018 at 0:05
• e.g. on the author pages, when you comment on things. Also by blocking the REST API you're crippling a number of plugins and core features, e.g. the 5.0 block editor, Yoast SEO, Jetpack, etc User IDs and logins aren't a secret, they were never meant to be a secret, and exposing them shouldn't be a security risk. What we have here is security theatre. The only reason user_nicename exists is because if you have an umlaut or other non-URL friendly character in your username, it wouldn't match when you did the query, so it sanitises it ahead of time for performance – Tom J Nowell ♦ Commented Dec 14, 2018 at 14:35

 |  Show 2 more comments

1 Answer 1

Sorted by: Reset to default 6

Yes, you can use wp_update_user():

wp_update_user( array(
    'ID'            => 123,
    'user_nicename' => 'value'
) );

Just replace 123 with the proper user ID, and value with the preferred user_nicename value.

The function also enables you to change the value of other fields in the WordPress users table (wp_users).