When you install WordPress, you’ll notice that your username is automatically set to the default “admin”, which you can then use to log into your dashboard with Administrator User Role. This makes “admin” just about the most predictable username, which can potentially cause you problems further down the line and enhances the chance of security risks on your site.
Why is using admin as username is a mistake?
Hackers need two pieces of information to gain entrance to your WordPress site’s back-end through the proverbial front door; your username and your password. Leaving your username as generic and common as “Admin” is gifting them half of that information.
All they need to do is to perform a brute force attack – using automatic scripts to try every possible character combination as the password – to crack your login and take control over your site. This opens up your site to them, allowing them to inject malicious code to steal sensitive data and in the worst case, delete your site completely.
How to put it right
It’s recommended that you treat the username as a password in their own right.
Make sure your username is not easy to guess and always ensure that it is completely different to your published screen-name. Whenever you set up a new WordPress account, don’t forget to change your username to something unique.
If you already have “admin” as a username – don’t worry, there is an easy fix to this.
First, create a new administrator account by logging into your dashboard and going to “Users” and selecting “Add New”. Create a new user and ensure that the role of the new user is set to administrator.
Then log out of your account. Log in again under your new administrator account.
Then, only once you’re confident that you are able to do this and can remember your new password, delete the old account where “admin” is the username under “Users” – All Users.
From now on, log in to your account under your new administrator account.
Was this article useful? Please share!