image of WordPress logo hacked

WordPress Security: How to Switch to a Safer Username

Block 4 is security

Recently there’s been a lot of news about hackers attempting to get into WordPress websites. In this particular set of hacking attempts, the bad guys are going after sites where the username is Admin.

Using Admin is like leaving your front door wide open, with a plate of cookies and a pitcher of milk set out for the hackers. It makes of mockery of WordPress security.

If you’ve been using Admin — or a variation of it like “admin1” or “adm” or even “manager” — change it. Now!

Here’s how.

#1. Add a New User with Administrative Privileges

Before you can remove the old Admin, you need a user with the Administrator role but with a different user name. There are a few steps, but it’s a straightforward process.

A. Log into your WordPress Dashboard
B. Scroll down and click on Users then Add New

Add a New User

C. Fill in the required information.

Add a New User
It might be a good idea to think about a good username and password before you start doing this. Your username is not meant to be completely secret, so don’t choose a username that’s a password somewhere else!

Your password should be at least 10 characters long. That’s the minimum. More is better. Yes, I know the instructions on the WordPress dashboard say at least 7 characters. Use 10. At least. Please.

Your password should include:

  • letters, both upper and lower case
  • numbers
  • special symbols like ! @ # $ % ? % &

Your username, email address and password are required, the rest is optional.

C. Change the Role to Administrator

Add a New User

D. Click Add New User

#2. Log Out

That’s right. “Admin” will be leaving the building.

#3. Log in Using your New Username and Password

Once you’ve logged in with your new identity, go back to the Users menu and select All Users. Take a look at the information next to your new username.

Make sure it shows Administrator as your Role.

WordPress Roles

#4. Delete the “Admin

Once you’ve verified that you’re an Administrator, hover your mouse over the Admin user. You’ll notice two links pop up — Edit and Delete.

Delete User

Click Delete.

WordPress will ask you what to do with the posts that show Admin as the author. You’ll probably want to attribute them to your new username.

Click the Confirm Deletion button.

Confirm Deletion

#5. Check Your list of Users

Make sure that Admin is well and truly gone.

Now relax — you’ve just taken a huge step in making sure your WordPress website is more secure.