In the name of WordPress security, never use “admin” as your username!
Unfortunately, the popularity of WordPress doesn’t just attract users. It attracks hackers as well, and they are always eager to crack the “code” of web applications. Regular attempts to hack websites using brute-force attacks is commonplace. With respect to WordPress, this form of attack consists of repeated attempts to login using the username ‘admin’ in conjunction with an array of common passwords.
If you are currently using ‘admin’ as your username, then you have a site that is a prime target to be hacked.
Well, up until version 3.0, installing WordPress automatically generated the first user with ‘admin’ as the username. This easily identifiable pattern did not elude the ever-creative hacker community.
Fortunately, this was changed with all subsequent versions of WordPress, which now gives you the option to choose your username. Unfortunately, far too many WordPress users still use ‘admin’ without knowing how vulnerable they are. Additionally, many hosting providers have an all-to0-easy WordPress installation script that many people use, which will set up an ‘admin’ username by default.
So, let’s remove your ‘admin’ username
We need to create a new username and delete that vulnerable ‘admin’ username.
Step 1. Hover over ‘Users’ in the left navigation panel in your dashboard.
Step 2. Click on ‘Add New User’ in the flyout menu.
Step 3. Fill out the form and choose ‘administrator’ in the ‘Role’ drop down menu at the bottom of the form.
Step 4. Enter a very strong password. Make sure the ‘Strength Indicator’ box reads “strong” when creating your password
Step 5. Click on ‘Add New User’ when you are done. You have now created a new user.
Step 6. Now logout and then log back in using your new WordPress admin username.
Step 7. Go back to ‘Users’ and select ‘All Users’ from the flyout menu.
Step 8. Locate the user ‘admin’, tick the box and select ‘delete’ from the drop-down menu.
Step 9. Next, you will be taken to a page that will ask, “What should be done with posts owned by this user?” If you have posts published under this old admin user, simply check the “attribute all posts to:” button and select your newly created username. This will transfer all posts created under the admin username to the new one you just created.
And that’s it. You have just taken a necessary step to making your WordPress-powered website even more hacker-proof.
Tip: Make sure that the ‘display name’ is different from the username you just created. If the actual username and display name are the same, hackers can potentially identify the admin username… not good.