Quick Start Challenge Banner


How to change admin username in wordpress to protect blog security

How To Change Admin Username In WordPress To Boost Blog Security

Most people don’t know how to change admin username in WordPress, especially since WP dashboard clearly states that the usernames cannot be changed. But, the admin user name has to be changed because the common usage of the “admin” as a username potentially poses a blog security risk. I have found an easy way, so read on.

When newbies set up a WordPress blog it is often suggested to use “admin” as the user name. In some instances admin is actually placed by default in the user box during WordPress set up. This common username poses a security hazard to websites. A potential hacker is well aware that the username of a large majority of bloggers is admin. So if this vermin wants to attack our sites he only needs to be concerned with one parameter, namely the password. If on the other hand he has to configure both the username and the password, his job would be much more difficult and he would move on to a less secure website.

I, like a majority of internet marketers, have been told to use admin as a username and that is what I did. Lately, I have been concerned with security of my blog. I’ve been hearing about more and more sites being hacked and I wanted to take steps to protect my blog.

Among other blog security precautions that I have been undertaking, I have decided to change my admin username. I thought I could easily change it through my profile. Not really.  It clearly says in my wordpress dashboard profile Usernames cannot be changed. So I searched a bit further and came across a few answers all pointing me to the cpanels’s phpMyadmin/Database. My heart sank. I love the cpanel for its simplicity and I can perform many tasks but anything referring me to phpMyadmin/Database, well…

I felt there must be simpler way. So I searched some more. I tried all kinds of search terms until finally I found my answer. Simple, non-technical and impossible to muck-up. My source was the good old WordPress Codex. The reason I was not finding the answer before was because the answer was buried in a long and complex article and not in the title of the article.

In order to save you hours of search I will share my “discovery” with you, so you can easily change the admin user name to something different and add another barrier or protection against attacks on your site.

1. In your dashboard click on Users

Wordpress Blog Dashboard

 

2. When the users windows opens click on “Add New”

How to add a new admin username to WordPress blog

3. Fill out new user information

  1. Add a new username
  2. Input a new email address. You can use any email address including the one for your website, such as support@yourdomainname.com, even if it directs to the same email address you used previously.
  3. In the area for the names use the same name as you have for the original user.
  4. In the circled area select the role of the new user as administrator
  5. Log out
  6. Log in using the new username.
  7. Go back to Users and you will find both the admin and the new user listed there.
  8. Delete the admin user. Make sure that you assign all the posts to the new user (see below). Because the new user was assigned Administrator role he/she can delete other users.
How To Dlete Users In WordPress

Make Sure To Assign All Posts To The New User

And, now you know how to change the username in WordPress without resorting to any techie manipulations. That is all it takes, no geek speak. Pretty simple, right?

Make sure to do this small yet very important change in order to add another protective shield against hackers. It will only take a couple of minutes, but the time spent is well worth it.

Hope you enjoyed the article and found it useful. If you did make sure to click the “LIKE” button and/or leave a comment.

 

 

Don't Miss A Thing, Get Free Updates By Email

 
You Might Also Like:

, , ,

24 Responses to How To Change Admin Username In WordPress To Boost Blog Security

  1. Steve Gilligan February 4, 2013 at 4:57 pm #

    Hi Dita

    Good post. I have done this on all my WP sites except for one step. Where you have deleted the Admin user I have simply given it no privilages for that site.
    In the drop down menu where you assigned the new user as “administrator” if you use this menu for the admin user you can select “none for this site” This will act as a Red herring for any hacker who will be trying to hack a user that has no privilagers so providing extra security.

    It’s a bit late for your sites but it might help others, who knows.

    • Dita Irvine February 4, 2013 at 5:28 pm #

      Hi Steve,

      Thank you for stopping by and providing the extra information. It gives people another angle to look at when changing their admin user name.

      Have a great day,

      Dita

  2. Sue Worthington February 4, 2013 at 6:43 pm #

    Hi Dita

    Really valid point about the admin user name – you think it’s perfectly fine until you start reading up a little and hear about friends having blogs hacked.
    Thanks for pointing this out to us

    Sue

    • Dita Irvine February 4, 2013 at 7:19 pm #

      Thank, Sue for your comment. Every little step we take towards the security of our sites helps.

      Take care,

      Dita

  3. Gordon Smith February 6, 2013 at 2:52 am #

    Hi Dita,

    Thanks for the non-techie solution to an extra security measure. You just have to wonder at the mentality of people who have nothing better to do than to try and hack others sites. Why don’t they create their own sites and do something useful.

    • Dita Irvine February 6, 2013 at 5:45 am #

      Hi Gordon,

      Thanks for stopping by. I agree completely!

      Cheers,

      Dita

  4. Glenn Shepherd February 6, 2013 at 8:41 am #

    Hi Dita,

    Thanks for the awesome info! Anything to make things more difficult for a potential hacker is all to the good. And this method is such a quick and easy thing to implement. Great stuff! 🙂

    Glenn

  5. Barry McKillip February 6, 2013 at 1:15 pm #

    Hi Dita,

    Some really great information in this post.Thanks for a easy security method for my blog

    Barry.

  6. Kent Brown (KBrown) February 6, 2013 at 10:55 pm #

    Great info… this is a must. I know we all are guilty of leaving the ol’ admin in place. Not good. Thanks again for shaking the trees… well thats what my 5 grade teacher used to say when he was making a point that we should have known. Take and I will see you around!

    Kent

    • Dita Irvine February 7, 2013 at 11:30 pm #

      Hi Kent,

      Funny what we remember. Must have been a great teacher if you still remember him/her.

      Have a great day,

      Dita

  7. The Great Gordino February 7, 2013 at 9:04 am #

    Hi Dita,
    Handy little tip there – thanks for sharing!
    Cheers,
    Gordon

  8. Chet February 7, 2013 at 11:09 pm #

    Hi Dita–lovely blog, packed with very useful information! Although I am not at total wordpress or IM newbie, there’s lots here not only for me, but also for some friends who would benefit from various posts and lessons! Good work! I have bookmarked it, and will share it soon, and visit again! I know I am going to need to learn about security etc. as my new, “reborn” copywriting blog grows. Thanks for the tips.

    Chet

    • Dita Irvine February 7, 2013 at 11:32 pm #

      Hi Chet,

      Thank you for your kind words. Thanks for bookmarking my blog. I actually visited your blog and with your background I think your newly reborn blog will be great.

      Cheers,

      Dita

  9. Dita Irvine February 7, 2013 at 11:20 pm #

    Hi Glenn, Barry and Gord,

    Thanks for stopping by and taking time to leave a comment. Sometimes we don’t even realize how doing little things can help.

    Have a great day!

    Dita

  10. Val February 8, 2013 at 10:34 pm #

    Thanks for super-useful info.

  11. James McDonald February 9, 2013 at 1:37 am #

    Great advice, Dita. It’s always best to change the admin name when installing the software but it’s always nice to have an option. Your details were great, step-by-step, nice and easy.

    Being one who has had their WordPress blogs hacked over and over, I have learned through experience to employ certain safeguards to protect my websites from future hacking attempts. Once everything was in place, the problems disappeared.

    1. Get a secure password of at least 63 characters in length (try to avoid using any of the slashes.) I get my passwords from a password generator site: https://www.grc.com/passwords.htm

    2. Use the same style of password for your cPanel and email accounts (so you would end up with three distinctive passwords.)

    3. Install a database plugin for weekly database back-ups. I use WordPress Database Backup available for free: http://wordpress.org/extend/plugins/wp-db-backup/

    4. Another crucial plugin is WordPress Shielded which helps to secure your website against hackers. It is a premium plugin, so not free, but I would not live without it. It’s less than twelve bucks: http://www.bestwsodeals.com/wp-shielded-by-kevin-byrne/

    5. Don’t install every plugin under the sun. Some plugins interfere with others and can cause major problems. Keep it simple but strong. Find out what others are doing and share your discoveries.

    Excellent article, Dita. Keep up the good work!

    James McDonald

    • Dita Irvine February 9, 2013 at 10:35 am #

      Hi James,

      Thanks a lot for a very comprehensive response to this article. I and, I am sure my readers, appreciate your input. I can just imagine your horror when your site was hacked.

      I have now implemented the long password for my blog ad I will be implementing a long password for my cpanel. Although my password was always strong it was not very long, so eventually it could be hacked. The longer the password, the longer it takes to crack it.

      As well, thank you for the information on backup. I believe that this is another area where where people only rely on the build in hosting provider backup, but this may only back up certain files and the posts could still be lost.

      Have great day,

      Dita

  12. Steve February 10, 2013 at 1:00 pm #

    I agree that this is important. Though I tried following your info, I wasn’t able to delete the original admin account that was set up as you indicated. I ended up going into the phpMyAdmin to change it. I discovered two things. I had several databases set up and I didn’t know which one I needed to edit. Solving this required my to look at the contents of the wp-admin.php file. Once armed with the database name, it was relatively easy to open that from within the phpMyAdmin panel and make the edit to the admin name.

    A word of caution. Don’t use your real name for the login if your name appears within the website or from doing a Whois search of the domain owner as this would make it very easy to a hacker to discover. You can and should used the nickname and display name function within the User panel on the WordPress admin page to show the name you want displayed on your posts.

    I hope this helps others

    • Dita Irvine February 11, 2013 at 10:03 am #

      Hi Steve,

      I am surprised you had a problem changing the admin name following my instruction. That is really weird. Anyway, I am glad you found another solution. That is exactly what this post addresses, how to avoid a more complex technical solution.

      Cheers,

      Dita

  13. Joy Healey February 25, 2013 at 9:34 pm #

    Hi Dita

    That’s an extremely clear set off instructions. Thanks very much.

    Wish I’d seen it BEFORE I was hacked!! Anyway, my blogs have been de-admin-ed, better late than never.

    Joy

    • Dita Irvine February 26, 2013 at 8:08 pm #

      Hi Joy,

      Thanks for stopping by. What a thing to happen to someone! Anyway I hope my readers will visit your blog through the link in your comment and read the story. Thanks for sharing your story.

      To your success,

      Dita

  14. Dee Ann Rice February 28, 2013 at 1:33 pm #

    Dita,

    Changing the user name to something else other than admin is definitely a good thing to do.

    Knowing the user name puts the hackers one step closer to getting into your blog. It is a safe bet that the majority of wordpress blogs have admin as their user name.

    Great tutorial on how to change the user name.

    Dee Ann Rice

  15. Donald April 25, 2013 at 11:48 am #

    Hi Dita,

    Great po. I’m glad that I got rid of my ‘admin’ username. I had done everything after being told how to change. Initially wouldn’t let me delete the old username. Anyway, after going through your post I managed it. I have bookmarked your blog for future ref.

    I will try the rest, remembering to copy and paste the code onto Notepad in case I make a mistake..lol.

    I found your blog through Adrienne Smith. Thanks again.

    Regards

    Donald

Trackbacks/Pingbacks

  1. | - February 11, 2013

    […] I? Well I cannot lay claim to this as it was posted on Facebook by one of my Facebook friends Dita Irvine and it’s only right that I acknowledge that by giving her […]

Leave a Reply