When you install WordPress your default administrator username will be ”admin”, unless you specify another name. By logging into your WordPress admin account you have full permissions to access the WordPress directories and dashboard, meaning that you can control your entire website. If you don’t change your default WordPress admin username, a hacker can easily break into your website. Hackers can perform a brute force attack on your account using the default WordPress admin username in order to retrieve your password and gain access over your website.
To make sure you have a strong administrator username choose uncommon combination of words and preferably include some numbers and symbols, for example “sky723-156”. To change your default WordPress admin username follow these steps:
- Login into your WordPress admin panel using your admin account.
- Select the ”users” area from your dashboard panel, and click on “Add New User”.
- Fill in the form and choose ”administrator” in the ”Role” drop down menu (remember to enter a strong web password and also check the password strength indicator to confirm that your new password is strong enough).
- When finished, click on ”Add New User”.
- Log in again using your new WordPress admin username.
- Navigate to the ”Users” area.
- From the users list tick the box of the previous “admin” username and select ”Delete” from the drop-down menu.
- Next, you will be asked about the articles posted under the the previous ”admin” username. Select the option “attribute all posts and links to:” and select your new administrator password. When ready click “Confirm Deletion”.
- Make sure that the “display name” of your admin user is different from the username, especially if the admin user posts any blog articles. If the actual username is used also as ”display name” of the writer, a hacker can easily identify the admin username and target the account.
Get the latest content on web security
in your inbox each week.