Would you leave your front door key under the mat or the pot plant by the door and expect not to be burgled? Burglars know that many people still make these mistakes, so the first thing they do when checking out a house is to see if they can find the key hidden near the door.
Your WordPress website is the same. The most common username set by web designers who should know better is the default “admin.”
Hackers know this, so when they attempt to hack into a site, the first thing they do is try the “admin” username. It is the equivalent of the key under the doormat.
Their computer then rapidly runs through all the common passwords that web designers set to make it easy for their clients to log in: the website name, temp, temppassword, tempadmin, 123password etc.
All too often, by simple brute force, the hackers then break into your site and have their wicked way with your content.
Unfortunately, almost every website I review or rebuild has at least one username set to admin. Often this is the only username on the site, making it doubly dangerous for your security.
Getting rid of the “admin” username and replacing it with a more secure username is the first thing that I recommend you do to increase the security of your WordPress website.
As an aside, the next most common usernames are administration, manager, temp, test, or the name of your website (e.g. heartcomms). If you have any of those as your username, change them as well.
Read this post to find some of the other steps to Increase the Security of Your WordPress Website.
What can you do if your username is Admin for your WordPress site?
WordPress does not allow you to change your username once it has been set. You have two main options:
Option 1: Ask your web designer or web host to change it for you through cPanel.
Option 2: Add a new user with administrator privileges, log in as that new user, then delete the old “admin” username.
I don’t recommend any of the plugins available for changing your username, simply because many have not been maintained in months and there is no guarantee that they won’t break your website or introduce extra security risks.
Changing your WordPress admin username yourself is simple and straightforward.
To make it easier, here is a walkthrough on how to change your admin username.
Step-by-step to Changing Your Admin Username
1. Log in: Log into your website using your admin username and your password.
2. Backup: Run a site backup to make sure that you have a backup in case you make a mistake.
3. Add New User: On the left-hand side menu, hover your cursor over the word Users and click Add New.
Make sure you tick the box to send the new user an email about their account.
Then set the role as administrator by clicking the drop-down option box.
Important: You can’t use the same email as one already set up. If the “admin” username already is using your main email address, then use a Gmail or secondary email account you may have. You can always change that to your main email address once you have deleted the admin username.
In the email is a link to click where you can set your password. Remember to record your password.
7. Log in with your new Username and Password: Log into your site using your NEW username and password.
8. Go to “All Users”: On the left-hand side menu, hover your cursor over the word Users and click All Users.
If the “admin” username has any content such as blogs or pages attributed to it and you click “Delete all content”, all of that information will be deleted.
Tick the box “Attribute all content to:” and choose your new username.
Once you have triple checked that the box is ticked and the right username is showing, then click Confirm Deletion.
You will be taken back to the All Users page where you will see that the admin user has been deleted.
Change your Username email
If you had to use a secondary email account, now is the time to change your email to your main email account.
1. Edit: Click on the word Edit under your new Username.
2. Display Name: First, check that the Display Name Publicly As box shows your name and not your username. Click the drop-down arrow to show all the choices and then choose your name. (This helps stop hackers learning of your new username and targeting that.)
3. Change your Email: Type in your preferred email address.
5. Check your Inbox: You will receive a confirmation email in your inbox (or junk/spam folder) titled “New Email Address”. Remember, it may take a few minutes to turn up, so stay logged in until it does.
Click on the link to confirm your email address, and you will see a “Profile Updated” message above your profile.
6. Log out and celebrate. Log yourself out of your website and congratulate yourself on increasing the security of your WordPress website.
Bonus Security Points
If your WordPress website only has one username, this is the time to add in a backup user, just in case you lock yourself out (or a hacker locks you out), or your email goes out of commission.
Follow the same steps as above to set up a new backup username on a secondary email such as your Gmail account.
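To confirm the changeover worked, here is an added example (not part of the original post): a short Python check that applies the advice above to an exported user list. It assumes the export is a JSON array with user_login, display_name and roles fields, the shape a `wp user list --format=json` export produces; the sample users are constructed, and heartcomms is the site name used as an example earlier.

```python
import json

# Login names the article lists as the first ones attackers try.
RISKY_LOGINS = {"admin", "administration", "manager", "temp", "test"}


def audit_admins(users_json, site_name):
    """Return (user_login, finding) pairs for administrator accounts.

    users_json: JSON array of users (assumed export shape, see lead-in).
    site_name: the site's short name, also listed as a guessable username.
    """
    users = json.loads(users_json)
    risky = RISKY_LOGINS | {site_name.lower()}
    admins = [
        u for u in users
        if "administrator" in [r.strip() for r in u.get("roles", "").split(",")]
    ]
    findings = []
    for u in admins:
        login = u["user_login"]
        if login.lower() in risky:
            findings.append((login, "guessable login name"))
        # A public display name equal to the login gives the username away.
        if u.get("display_name", "").lower() == login.lower():
            findings.append((login, "display name reveals login"))
    if len(admins) == 1:
        findings.append((admins[0]["user_login"],
                         "only administrator, no backup account"))
    return findings


# Constructed sample: the site before the changeover.
BEFORE = """[
  {"user_login": "admin", "display_name": "admin", "roles": "administrator"},
  {"user_login": "jane.k", "display_name": "Jane", "roles": "editor"}
]"""

# Constructed sample: after adding a new admin and a backup admin.
AFTER = """[
  {"user_login": "jk-owner-41", "display_name": "Jane", "roles": "administrator"},
  {"user_login": "jk-backup-77", "display_name": "Jane K", "roles": "administrator"},
  {"user_login": "jane.k", "display_name": "Jane", "roles": "editor"}
]"""

if __name__ == "__main__":
    for login, finding in audit_admins(BEFORE, "heartcomms"):
        print(f"{login}: {finding}")
```

An empty result for the "after" list means no administrator account uses a guessable login, shows its login as the public display name, or is the only administrator on the site.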
Keeping one step ahead of the hackers is a never-ending job. Luckily, changing your username from Admin is a super simple strategy that you can do yourself to help increase your security.
After all, why leave your key under your front doormat?