Don’t Use Admin As Your Username

Image: Dont Use Admin As Your Username

Most of the time, when you set up a new WordPress site, you’re set up with an administrator account whose username is “admin.” It’s the default setting for WordPress. This is problematic for a number of reasons.

Before we get into those reasons, it’s worth mentioning that some hosts will allow you to specify a username and password upon setting up the WordPress site. In that case, you should not use “admin” as the username.

Now if you have an “admin” user, the lesson here is that you should replace it with a different username. The problem with the “admin” username is that this has been the standard with WordPress for a very long time. And because many users historically have not changed the username, hackers have an easier time at getting access to your site. Remember, there are two things needed to get into your WordPress admin: your username and your password. Now if a good chunk of WordPress users have an administrator account using “admin” as the username, hackers now have 1 of the 2 pieces of information needed to gain access to your site. Not ideal. What has kept most folks from changing the username is the inconvenience of doing so.

The thing with WordPress, however, is that you can not change usernames. So let’s say you’re currently logged in to your WordPress site. Your “admin” user is your only user with administrator rights. In that case, you would have to create another administrator account that is separate from the “admin” user and delete the admin user while migrating the content from the “admin” user to the new user.

Here are the steps you need to take in an easier to read format:

  1. Log in to your “admin” user
  2. Navigate to Users and create a new user account with administrator privileges. Make sure you remember the username and password. This will be your new administrator username account.
  3. Log out of your “admin” user account.
  4. Log in to your new user account.
  5. Navigate to Users and delete the “admin” user.

IMPORTANT: When you attempt to delete the “admin” user, you’ll most likely be prompted to select whether you want to associate the “admin” content with another user. Here is what that screen looks like:

Image: Confirm Delete Screenshot

The two options are:

  1. Delete all content
  2. Attribute all content to:

Make sure you select “Attribute all content to:” and assign the content to your new username. This is important because if you proceed with the default setting of “Delete all content,” you’ll end up deleting all of the content that was published under the “admin” user. And don’t take lightly who the content is assigned to. As a good rule of thumb, make sure that when switching content from a deleted user to a different user, they share the same rights.


Want to read more articles like this one? See 25 Ways to Improve WordPress Security 


Sign Up for New Content