How to change the default “admin” WordPress user

banner-security-v4

The default WordPress username is “admin”. Hackers know this and apparently the current wave of brute force attacks on WordPress installations around the world is using this knowledge to try and crack your login and take control of your site. In other words if you use the default “admin” username then the hacker only has half the equation to try and crack.

An essential step to secure your WordPress site is to use a different user name, and in doing so make it that much harder for hackers to do their thing.

But what if you already use “admin” as your username? How do you change it?

You *could* wade through the database for your site and try to change it that way, but the following steps are much simpler and probably faster…

  1. Login using your admin user account. I'm presuming here that your “admin” user account has administrator privileges.
  2. Once logged in goto Users > Add New – fill in all the details for a new user account. Choose a non obvious username and set the privileges for this new account to Administrator as well.
  3. Once that new account is created, log out of your “admin” user account and log back in using your new user account that you just created.
  4. Once logged in under the new user account, goto to the User list in the admin and delete the old “admin” account. When you do this WordPress will prompt you to reassign all the posts associated with “admin” to another account. Choose your new account from the drop down list.
  5. Once you have completed the step of deleting your own “admin” account all the posts previously posted under “admin” will be associated with your new account and you are no longer using the default username.

A simple step that might just help prevent an intrusion by an unwanted 3rd party.

If you are using “admin” as your login user name, please change this now.

7 comments on “How to change the default “admin” WordPress user
    • Yes, but isn’t it better to change the posts displaying as being created by “actualname” rather than “admin”? Keep in mind too that in the user admin you do have some control over how the site displays your name on posts etc.

      I really do think this is an important security step.

  1. Would this also work to switch the user who administers the site? I never use ‘admin’ as my username when I setup a site, and I will be wanting transferring ‘ownership’ to a new admin for a site I’m developing for someone else.

  2. I have been changing out my admin by creating a new user with different email address and with admin role, then deleting admin and assigning admin post to new user, and changing the email address back to the original admin email, and using a nickname related to the brand, so that posts from that user are “official” from the brand, and not just admin.

    I don’t know if that is still a security risk as such but it removes admin, and there are other ways to secure the site as we know… this only takes a few minutes..and I’m not against using a plugin, but it seems easier to just do what I have done..

Leave a Reply

Your email address will not be published. Required fields are marked *