Is Admin your WordPress username? That’s bad news for you. (Great news for the hackers who are desperate to overtake your site to display their porn/malware/whatever they’re into these days.)
But don’t worry. I’ll show you how to fix that security issue in just a few minutes.
Why is Admin a bad username?
WordPress is used by 32% of websites (as of Dec 2018). Unfortunately, if you used one of the popular shared hosting account with a one-click “app install” of WordPress, they may have forced you to use that (really bad) username when they installed WordPress on your server.
Not your fault, I get it.
But since hackers know that Admin is such a popular username (and because they also know where the default login page is for most WordPress sites), it’s just a matter of time before their automated robots find your site, find its login page, and brute-force attack their way into guessing what the password for your Admin username is.
Get the seriousness of this problem now?
Fortunately, changing your username is pretty straight forward, as long as you have a second email address you have access to.
How to change your username
1- Login to the backend of your WordPress site.
2- Go to Users -> Your profile
3- Make note of the email address associated with your account. You’ll need a separate email address that you’ll be able to access.
4- Go to Users -> Add new
5- Set up a new username associated with a separate email address. Make your new username DIFFICULT to guess. Do NOT use your website name (that’s another username the hackers know to hack). For example: AwesomeKid76 would be a great username for this site. It has absolutely nothing to do with my real name or my website name, so hackers will have a harder time guessing it. (There are other precautions that can be taken, but I’ll cover those in separate security tips.)
Set the level to Administrator. Click to view the automatically generated password. Feel free to change it, but make it LONG & SUPER DIFFICULT to guess. Not kidding. Hackers aren’t just people, they’re powerful computer programs.
6- Once your new username is set up, log out of your Admin username account, then test out your new username and password (to make sure you saved the new credentials correctly).
7- Once you’re in with your spanking new credentials, you’ll need to DELETE the old Admin username. As part of that process, WordPress will ask you what you want to do with the posts that were created by that user. Assign them to your new username.
8- That’s pretty much it. If you want, you can delete your old Admin credentials from your password tool/browser/etc. since they are now useless.
9- Once your old account is deleted, feel free to edit your latest account and update your email address to what you used before (if you want to).
9- BONUS STEP: There’s another quick thing you can do with your new username to make sure it’s a little more secure. See here.