Using the default “admin” as your username login leaves your website vulnerable to brute force attacks. These are attacks by bots that attempt to log into your website by guessing the login username and password. They are often successful because too many WordPress users never change the default “admin” username and use a common password. By changing the username to something unique and creating a strong password, brute force attacks targeting those with “admin” usernames will not gain access to your website.
Here are the steps to changing your username
1. Log into your website and go to your Users page.
2. Click edit under your current “admin” username. The edit button appears when you hover over the username.
3. Change the email to something you don’t use. You need to do this if you want to use that email for your new username. You cannot have two users with the same email address.
4. Click back to your main Users page again. Now you can add a new user.
5. Click “Add New” found at the very top of the page.
6. In the Add New User form fill out the required information. Choose a username that is more unique. It doesn’t have to be complicated. Keep in mind that it will be seen on your site, so it should fit the site. It just should not be “admin,” which all the bots of brute force attacks are programmed to check for.
7. Create a password that is complicated and registers as strong on the strength indicator. If you can remember the password, then it’s not a good password. It should be something you need to write down to remember.
8. Assign the role as Administrator. This is an important step you must not skip! You are about to delete the other admin role and may lock yourself out of your website functions if you do not have access to an admin account.
9. Click “Add New User.” This new admin user should now be functional, but you should test it first. Log out of your website and then log back in using the new username you just created. Go to the Users page and check that the role for this username is Administrator.
10. Assuming all is working and you now have a new admin user, you can now delete the old “admin” username. To do this, check the box next to the “admin” username. Then open the drop down menu that shows “Bulk Actions” and choose “Delete.” Then click the “Apply” button.
11. Before confirming the deleting of the admin username, it will ask you whom you want to attribute all the admin’s posts to. Choose another user to become the author of those posts. Skip this step and you will end up deleting all those posts.
This is a quick and easy process, but do go through it slowing and carefully. You don’t want to accidently delete posts or the wrong user, or worse, lock yourself out of your own website.
