Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess.


Do not make the following change unless you are comfortable working with PHPMyAdmin and MySQL. If not, ask someone who is familiar with WordPress and MySQL to assist you.  Also, it is of utmost importance that backup your whole blog — including the database — before making any of the changes described below.

To change your WordPress default admin username, navigate to your web host’s MySQL administration tool (probably PHPMyAdmin) and browse to your WordPress database. Locate the users table, in which you will find a user_login column. One of the rows will contain admin in the field. Change this to a complex and hard-to-guess name, which ideally consists of alpha-numeric characters.

IMPORTANT: Even if the username is hard to guess, you will still need a very strong password. If you are out of ideas for passwords, we recommend you to use a Password Generator tool and a Password Store such as KeePass.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.