The default WordPress username is “admin”. Hackers know this and apparently the current wave of brute force attacks on WordPress installations around the world is using this knowledge to try and crack your login and take control of your site. In other words if you use the default “admin” username then the hacker only has half the equation to try and crack.
An essential step to secure your WordPress site is to use a different user name, and in doing so make it that much harder for hackers to do their thing.
But what if you already use “admin” as your username? How do you change it?
You *could* wade through the database for your site and try to change it that way, but the following steps are much simpler and probably faster…
- Login using your admin user account. I'm presuming here that your “admin” user account has administrator privileges.
- Once logged in goto Users > Add New – fill in all the details for a new user account. Choose a non obvious username and set the privileges for this new account to Administrator as well.
- Once that new account is created, log out of your “admin” user account and log back in using your new user account that you just created.
- Once logged in under the new user account, goto to the User list in the admin and delete the old “admin” account. When you do this WordPress will prompt you to reassign all the posts associated with “admin” to another account. Choose your new account from the drop down list.
- Once you have completed the step of deleting your own “admin” account all the posts previously posted under “admin” will be associated with your new account and you are no longer using the default username.
A simple step that might just help prevent an intrusion by an unwanted 3rd party.
If you are using “admin” as your login user name, please change this now.