WordPress Security: How to Change the Default Admin Username
WordPress security is a crucial aspect that webmasters often overlook. With the increasing number of direct brute-force attacks on millions of websites powered by WordPress, it is essential to prioritize site security. Unfortunately, WordPress security is often at the bottom of a website’s to-do list. This article discusses the importance of WordPress security and the immediate hazard surrounding the practice of using the ‘admin’ user account. We’ve also written a tutorial describing how to change the default admin username in WordPress.
Why is the Admin Account a Security Risk?
The admin account is the default account name that comes with every new WordPress installation. Its user role is Administrator, which means it holds the highest level of access on every WordPress site. Anyone who controls it can inject malicious code, steal sensitive data, and even delete your site entirely. Using admin as the username for an account with Administrator privileges is a significant security weakness.
When a hacker wants to gain access to your WordPress site, they need to work out two things: the WordPress username and the corresponding password. Because most WordPress sites use “admin” as the username, 50% of the hacker’s work is already done for them. They can simply start a brute-force attack and try every possible character combination as the password. This process destabilizes your server and leaves your site vulnerable to attack.
How to Change the Admin Username
WordPress does not let you change a username. However, you can create an entirely new admin account with a unique name and a strong password, log back in to your WordPress installation with the new admin account, and then delete the old account. You should be prompted to reassign all of your old posts to another user (e.g. your new admin account). Alternatively, you can change your current admin account using phpMyAdmin.
Step-by-Step Guide to Changing the Admin Username
1. Gain Access to phpMyAdmin
phpMyAdmin is a web-based GUI tool that gives you interactive access to your server’s database. Most shared hosting providers give access to phpMyAdmin, and it is available in cPanel. Once you have access, select your WordPress database.
2. Selecting the Correct Username
Select the wp_users table, since it contains the value you want to edit. You should see the following columns:
– ID: sequentially identifies all the users that have registered in a WordPress installation.
– user_login: stores the actual username of the user.
– user_pass: contains the corresponding password, hashed with MD5.
– user_nicename: the full name of the user.
– user_email: stores the email address of that user.
– display_name: how the username is displayed across posts and pages.
We want to change the user_login field. Optionally, we could change user_nicename and display_name. To do this, select the Edit option.
3. Change the Values
phpMyAdmin will take you to the individual fields for the admin entry under wp_users. Change the values to suitable ones. Once completed, click on Go to commit the changes.
4. Test It Out
Log in to WordPress using the new username and the old password. WordPress should recognize the new username, and all previous data should remain intact.
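The same edit can also be made from phpMyAdmin's SQL tab, with a check that the new name is free and that the account keeps its Administrator role. This is an added example, not part of the original tutorial; it assumes MySQL/MariaDB, the default wp_ table prefix (so the role key is wp_capabilities), and uses NEW_LOGIN_PLACEHOLDER for the username you choose.

```sql
-- Added example. Assumptions: default table prefix wp_, and
-- NEW_LOGIN_PLACEHOLDER standing in for the username you pick.
-- Export wp_users first (Export tab), then submit the whole batch at once
-- so the @taken variable stays on the same connection.

-- Step 2: the row you are about to edit.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'admin';

-- Guard: the new login must not belong to an existing account.
SET @taken = (SELECT COUNT(*)
              FROM wp_users
              WHERE user_login = 'NEW_LOGIN_PLACEHOLDER');

-- Step 3: rename. user_pass is not touched, so the old password keeps working.
-- If display_name is still 'admin', change it too: it is shown on posts and pages.
UPDATE wp_users
SET user_login = 'NEW_LOGIN_PLACEHOLDER'
WHERE user_login = 'admin'
  AND @taken = 0;

-- Expect 1. A result of 0 means there was no 'admin' row or the new name was taken.
SELECT ROW_COUNT() AS rows_changed;

-- Step 4a: no account should still log in as 'admin' (expect 0).
SELECT COUNT(*) AS remaining_admin_logins
FROM wp_users
WHERE user_login = 'admin';

-- Step 4b: roles are stored per user ID in wp_usermeta, so the renamed
-- account should still be listed here as an administrator.
SELECT u.ID, u.user_login, m.meta_value AS role_data
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%administrator%';
```

The last query is also a quick audit: every row it returns is an account with full control of the site, so any login you do not recognize there deserves a closer look.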
Changing the default WordPress admin account to something else hardens the security of your WordPress site. It is considered one of the best security practices for all WordPress webmasters and developers. If you’ve been using the admin username, it is high time you changed it. This tutorial is entirely WordPress-specific, and we’ve explained the columns of the WordPress users table along with their respective purposes. If you ever get stuck, feel free to use the comment form or ping us on Twitter.