WordPress Security 101: Why delete the WordPress default admin user
If your website uses the default admin user, BEWARE: odds are it is only a matter of time before your website is hacked.
We monitor login attempts for websites daily and constantly see people using the default admin username to attempt illegal entry into one or more websites. The WordPress default admin user ID is the most targeted by hackers because, one, it’s easy and, two, every WordPress website starts with this account. Therefore, it is vital to properly secure this default administrator account as soon as possible.
Note: If for ANY reason you must keep the default admin user ID during development, I recommend changing the password often. The WordPress password generator works well to create a secure password.
The very first WordPress security tweak you should make is to remove the default admin user.
Why delete the WordPress default admin user?
If a malicious hacker identifies the administrator ID of a WordPress website, they can then launch an attack specifically against that administrator account. This makes the attack a lot easier because one side of the equation is filled in and only the password is still needed.
If the malicious attacker does not know the WordPress administrator username, they have to guess both the username and the password. This means the attack is much less likely to succeed and will take longer. The longer the attack takes, the greater the chance of identification, which is exactly what they do not want.
By changing the WordPress default admin user ID, you are protecting your WordPress site from easy targeted attacks.
How to Change a WordPress Username without losing important content.
Easiest Method: Create a new user and delete the old one while transferring its content to the new user.
- Create a new user ID with the administrator user role. You will need to use a different email address than the old account. You cannot use your old account email yet (details on recovering the old email address are below).
- Log out and then log in again with the new user account you just created. Go to the Users section and click on the Delete link under your old username (delete admin).
- While deleting your old user, WordPress will ask what you would like to do with the old user’s content. Make sure you select the ‘Attribute all content to:’ option and then choose the new user you just created. Click on the ‘Confirm Deletion’ button to delete the old user account.
- Done. The old user is deleted and its content (if any) should now be associated with the new user.
Note: You can now change the new user email address to the old admin email address if needed.
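The same steps can be done from the command line with WP-CLI. The script below is an added example, not part of the original article; it assumes WP-CLI is installed, a single-site install, and that it runs from the WordPress root, and the login `site_owner` and address `temp@example.test` are constructed placeholders.

```shell
#!/bin/sh
# Added example: WP-CLI version of the create / reassign / delete steps.
# Assumes WP-CLI is installed, a single-site install, run from the WordPress root.
# Usage after sourcing this file (login and e-mail are constructed values):
#   replace_default_admin site_owner temp@example.test admin reclaim

# replace_default_admin NEW_LOGIN TEMP_EMAIL [OLD_LOGIN] [reclaim]
replace_default_admin() {
    new_login=$1
    temp_email=$2
    old_login=${3:-admin}
    reclaim=${4:-}

    if [ "$new_login" = "$old_login" ]; then
        echo "new login must differ from '$old_login'" >&2
        return 2
    fi
    # Nothing to do when the default account does not exist.
    old_id=$(wp user get "$old_login" --field=ID 2>/dev/null) || {
        echo "no user '$old_login' found; nothing to delete"
        return 0
    }
    old_email=$(wp user get "$old_login" --field=user_email) || return 1
    # The new account cannot share the old account's e-mail address yet.
    if [ "$temp_email" = "$old_email" ]; then
        echo "temporary e-mail must differ from the old account's" >&2
        return 2
    fi

    # Step 1: create the new administrator (WP-CLI prints its generated password).
    wp user create "$new_login" "$temp_email" --role=administrator || return 1
    new_id=$(wp user get "$new_login" --field=ID) || return 1
    # Refuse to delete anything unless the new account really is an administrator.
    wp user list --role=administrator --field=user_login | grep -qxF "$new_login" || {
        echo "'$new_login' is not an administrator; aborting" >&2
        return 1
    }

    # Steps 2-3: delete the old user and attribute all its content to the new one.
    wp user delete "$old_id" --reassign="$new_id" --yes || return 1

    # Optional: move the old admin e-mail address onto the new account.
    if [ "$reclaim" = "reclaim" ]; then
        wp user update "$new_id" --user_email="$old_email" || return 1
    fi
    echo "deleted '$old_login' (ID $old_id); content now belongs to '$new_login' (ID $new_id)"
}
```

Take a database backup before running it, since deleting a user cannot be undone from WP-CLI.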
Extra security tip: To help hide your new administrator user ID, you should also create and display a nickname instead of the actual ID. The nickname will be shown instead of the real ID on posts you create and elsewhere.
Need help? Quick Web Design offers a full range of WordPress Security services. Contact us to get started today!!