When you install WordPress your administrator username will be ”admin”, unless you specifically specified another username. If you don’t change your default WordPress admin username, you are making it easier for a hacker to break into your website and in doing so gain full control. Hackers can perform a brute force attack on your account using the default WordPress admin username in order to retrieve your password and gain access over your website.
To make sure you have a strong administrator username choose uncommon combination of words and preferably include some numbers and symbols, for example “sky723-156”. To change your default WordPress admin username follow these steps:
- Login into your WordPress admin panel using your admin account.
- Select the ”users” area from your dashboard panel, and click on "Add New User".
- Fill in the form and choose ”administrator” in the ”Role” drop down menu (remember to enter a strong password and also check the password strength indicator to confirm that your new password is strong enough).
- When finished, click on "Add New User".
- Log in again using your new WordPress admin username.
- Navigate to the "Users" area.
- From the users list tick the box of the previous "admin" username and select "Delete" from the drop-down menu.
- Next, you will be asked about the articles posted under the the previous "admin" username. Select the option "attribute all posts and links to:" and select your new administrator password. When ready click "Confirm Deletion".
- Make sure that the “display name” of your admin user is different from the username, especially if the admin user posts any blog articles. If the actual username is used also as ”display name” of the writer, a hacker can easily identify the admin username and target the account.