WordPress default “admin” account exists
Acunetix WP Security Plugin test:
During this test Acunetix looks for the default admin account in the WordPress user list.
With the default WordPress administrator account active, a malicious user does not have to guess the username of other accounts with administrative permissions, thereby putting your WordPress security at risk and making it easier and faster to design an attack.
If it is a new WordPress installation, you can simply create a new administrative account and delete the default admin account. On an existing WordPress installation you may rename the existing account in the WordPress database by using the following MySQL command:
update tableprefix_users set user_login='[username_of_choice]'
Instead of using command-line, you can also use a MySQL interface like phpMyAdmin to change the default WordPress admin account.