For years, when you installed WordPress it would suggest that you set your username to “admin”. As a result, millions of WordPress sites have a user with the name “admin”, so hackers go after that quite a lot. If your site uses a different login username, you’re instantly protected from those kinds of attacks.
Easy fix?
Ok, so no problem — change your username. Except when you go into WordPress to change it (under “Users” –> “Your Profile”), you find that the field is greyed out and can’t be edited…
The real fix
While there are plugins that can allow username changes, there’s a chance things could go wrong depending on your setup. Instead, we’ll create a new account with a better username and then move your content over. This should only take a few minutes. Here’s how to do it:
- Edit the email address on your existing account to something else. For example, maybe just put an “x” at the end. You’ll want to use your real email address for the new account, but WordPress won’t allow you to use the same email address on two user accounts.
- Create a new account on your site (under “Users” –> “Add New”), with the “Administrator” role but using a better username (such as your first name).
- Log out of your “admin” account and log in as the new account.
- Go to “Users” –> “All Users”, hover over your old “admin” account and choose “delete”.
- When deleting the old account, you want to “attribute all content” to your new account. This is critical. If you choose to “delete all content”, then every page/post/etc created with your old account will be removed. This is a screen that we’ve personally worked on with WordPress to improve the clarity of what is going to happen.
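The same steps scripted with WP-CLI, as an added example that is not part of the original post. The function name `replace_admin_user`, its argument order and the role check before deletion are assumptions of this example; it expects `wp` to be run from the WordPress install directory.

```bash
# Added example (not from the original post): the steps above using WP-CLI.
# Usage (hypothetical values): replace_admin_user admin alice alice@example.com
replace_admin_user() {
  local old_login="$1" new_login="$2" email="$3"
  local old_id new_id roles

  # Stop early if the old account does not exist.
  old_id="$(wp user get "$old_login" --field=ID)" || return 1

  # Step 1: free up the real email address by putting an "x" on the old one.
  wp user update "$old_id" --user_email="${email}x" >&2 || return 1

  # Step 2: create the replacement account with the Administrator role.
  # --porcelain makes WP-CLI print only the new user's ID.
  new_id="$(wp user create "$new_login" "$email" \
    --role=administrator --porcelain)" || return 1

  # Guard: never delete the old admin unless the new account really is an
  # administrator, otherwise the site could be left with no admin at all.
  roles="$(wp user get "$new_id" --field=roles)" || return 1
  case "$roles" in
    *administrator*) ;;
    *) echo "user $new_login is not an administrator; aborting" >&2
       return 1 ;;
  esac

  # Steps 4-5: delete the old account and attribute all of its content to
  # the new one. Without --reassign, the old account's posts are deleted.
  wp user delete "$old_id" --reassign="$new_id" --yes >&2 || return 1

  # Print the new user's ID so callers can verify the result.
  echo "$new_id"
}
```

The "log out and log back in" step has no command-line equivalent, so it is skipped here; the new account's generated password is printed by `wp user create` only when `--porcelain` is omitted, so set one with `wp user update <login> --user_pass=...` or use the password reset link.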
That’s it! From now on, you can log in with your new account, and any spammers that try to hammer your site and log in as “admin” have a 0% chance of ever being successful. There are other things you should do to help protect your site, but this is a solid start.