WordPress is one of the most popular blogging platforms, with millions of users worldwide using it everyday for various purposes.
With that in mind, it’s also one of the most targeted platforms for hackers.
Needless to day, keeping your WordPress installation secure is on the most important things you can do for your blog.
Unfortunately, there are still many bloggers out there who ignore one of the simplest changes they can make to ensure their blog is secure – which also happens to be one of the most exploited vulnerabilities in WordPress.
That is to change their admin username from the default ‘admin’.
Everytime the hackers try to perform one of their brute-force attacks on any WordPress site, they will go for ‘admin’ as the username.
That was the default username WordPress shipped with for years up until version 3.0, when you were finally able to choose a custom username during installation.
In fact, most hosting companies today which offer one-click WordPress installers, like Softaculous or Fantastico DeLuxe give you the option to pick your own administrator username, preferably something other than admin.
There are a few ways to change your admin username and we will go over them in today’s post.
Different ways to change the WordPress admin username
You can change your WordPress username:
- Manually by creating a new user with administrator rights
- By changing the username in phpMyAdmin or
- With the help of a plugin
How to change the wordpress admin name manually
The easiest way to change your username is by creating a new user with administrator rights. To do that, log into your Dashboard, and click on Users > Add New.
Create a new user with a desired username with administrator rights. Make sure to use a different email address, or change the old admin email address if you want to use it for the new user.
After that log out. Login with your new username, go to Users, and simply delete the old user with the name ‘admin.’ It will ask you what to do with the user’s content, go ahead and assign it to the new user you just created.
How to change the WordPress admin name with phpMyAdmin
For those feeling slightly more adventurous, you can change your username in your cPanel and phpMyAdmin.
First of all you will need to login to your cPanel and scroll down till you find phpMyAdmin.
Then select the database your blog is hosted in.
In the left hand side you should see a list of all the tables for that database. Click on the one that says wp_users. Then click on the username you want to edit.
Change the user_login value to whatever you want, hit the Go button and you are done.
Now go back to your site and remember to log in with your new username.
How to change the admin name with the help of a plugin
If the thought of touching anything in phpMyAdmin makes you nervous, fear not; you can also use several plugins to change the wordpress admin username.
Some of them were created specifically for that purpose, and some offer plenty more features to further secure your site.
One of the simplest plugins for the job is Admin Renamer Extended.
This plugin does what it says: allows you to change your admin username, as well as all other administrator usernames (in case of multi-author blogs) and is multi-site compatible.
Another simple plugin for the job is Username Changer which does the same thing Admin Renamer Extended but it also updates the display names if it matches the username.
iThemes Security (formerly Better WP Security) goes a step further with various features that help secure your site from preventing brute force login attacks, regularly scanning your site for suspicious login attempts to renaming the admin user account, generating strong passwords and removing the default ID on the user with ID 1.
Sucuri Security is another more complex plugin which monitors your site for malware and helps you prevent brute force attacks by hardening vital parts of your website. One of the options includes checking whether or not you have admin username in use and options to change it.
Note: Sucuri also offer a paid security plan which offers additional features including black list monitoring and server side scanning, learn more here.
As you can see, changing your WordPress admin username is straight forward, and no matter which method you choose, it shouldn’t take you longer than 5 minutes.
Considering ‘admin’ is one of the most attempted login names with hackers, it’s worth taking 5 minutes out of your busy schedule and changing it to something else so you can make sure your site is less vulnerable to hacker attacks.