Recently there’s been a lot of news about hackers attempting to get into WordPress websites. In this particular set of hacking attempts, the bad guys are going after sites where the username is Admin.
Using Admin is like leaving your front door wide open, with a plate of cookies and a pitcher of milk set out for the hackers. It makes of mockery of WordPress security.
If you’ve been using Admin — or a variation of it like “admin1” or “adm” or even “manager” — change it. Now!
#1. Add a New User with Administrative Privileges
Before you can remove the old Admin, you need a user with the Administrator role but with a different user name. There are a few steps, but it’s a straightforward process.
A. Log into your WordPress Dashboard
B. Scroll down and click on Users then Add New
C. Fill in the required information.
It might be a good idea to think about a good username and password before you start doing this. Your username is not meant to be completely secret, so don’t choose a username that’s a password somewhere else!
Your password should be at least 10 characters long. That’s the minimum. More is better. Yes, I know the instructions on the WordPress dashboard say at least 7 characters. Use 10. At least. Please.
Your password should include:
- letters, both upper and lower case
- special symbols like ! @ # $ % ? % &
Your username, email address and password are required, the rest is optional.
C. Change the Role to Administrator
D. Click Add New User
#2. Log Out
That’s right. “Admin” will be leaving the building.
#3. Log in Using your New Username and Password
Once you’ve logged in with your new identity, go back to the Users menu and select All Users. Take a look at the information next to your new username.
Make sure it shows Administrator as your Role.
#4. Delete the “Admin
Once you’ve verified that you’re an Administrator, hover your mouse over the Admin user. You’ll notice two links pop up — Edit and Delete.
WordPress will ask you what to do with the posts that show Admin as the author. You’ll probably want to attribute them to your new username.
Click the Confirm Deletion button.
#5. Check Your list of Users
Make sure that Admin is well and truly gone.
Now relax — you’ve just taken a huge step in making sure your WordPress website is more secure.