How to Change WordPress ‘admin’ username for Security Reasons
Blog Hackers try “admin” username First!
If a hacker tries to break into your account, they assume that your WordPress login username is “admin”. If they are correct, then they have a better chance of breaking into your WordPress blog or website. Now they only need to guess the correct password. So to make your site safer, simply change the “admin” username to something else!
Who Cares about WordPress Security?
In the beginning of April 2013, there was a wave of hack attacks on WordPress blogs and websites. If you were not affected, consider yourself LUCKY not SMART! Here’s some more information on the recent Brute-Force attacks on WordPress blogs and websites. The point is to prepare yourself for the next wave of attacks!
What are Brute Force Attacks?
Brute-force attacks on WordPress sites are basically computer programs that try thousands of different usernames and passwords on the WordPress website login page until they get a combination that works. These software programs try many different WordPress login username and password combinations on random sites, until it finds a login / password combination that works. Don’t let that happen to your WordPress website.
Many times these programs will assume that your WordPress login username is “admin”. This is an excellent guess at your username because so many WordPress blogs and websites have this login username as the default. So now the computer software program only has to guess the password that you used in combination with the login username called “admin”. You’ve just made the job of hacking into your site significantly easier for the hacker and their automated software programs. You don’t want to do that!
So the first step you should take in making your WordPress website more secure is to simply change the login username from “admin” to something else.
Here’s another great post from a great blogger Nile Flores about Brute-force attacks on WordPress sites and some other things you can do to keep your site safe.
I just got an email today from the developer of one of my favorite WordPress Security Plugins — Wordfence. The email contained the following excellent written steps for changing the WordPress login username.
To rename your WordPress ‘admin’ user:
- Sign in as ‘admin’.
- Create a new user in your WordPress site.
- Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
- Make sure that the new user’s role is “administrator”.
- Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. (symbols like: #@%&*^). Never use the word ‘password’ in your password, even if it has a different case and includes numbers.
- Click “Add new user”.
- Logout as ‘admin’.
- Login as the new user.
- Delete your old ‘admin’ user and assign all posts/pages/comments to your new admin user.
Congratulations, you now have a more secure WordPress system.