I love running a website. I really, truly do, but one of the things that scares me is the possibility of my site being hacked. The fear is real, friends. Thankfully there are some steps we can all take to secure our sites. Creating a secure username + password combo is one of them. Sadly, as much as I love WordPress, there’s a big security risk present in lots of installation – the admin username. Most WordPress installers have a default username – admin. Hackers know this and it’s therefore the single most used username in brute force attacks. You might be thinking, big deal I can just change my username, right? Except it’s not so easy to change a username on WordPress.
Why is it not so easy? Because there’s no native way to just change a username. Instead we have to do a work-around of creating a new username and then deleting the old one. Yikes. Sounds a little scary and complicated but it’s really not. It only takes 4 quick steps. So if you’re someone stuck with the admin username or an easy-to-guess username, let’s fix that right now and change your WordPress admin username!
1. Change your admin username’s email address
Go to Users -> Your Profile from the left sidebar. You’ll see your WordPress user profile page, scroll down to “Contact Information”. In the email field, change your email address to one of your other email addresses or make up a fake one for now.
2. Add Your New Username
Go to Users -> Add New User. You’ll see the Add New User page, here enter the information for your new username. The four most important being fields on here are
- Username: Here you’ll enter what you want your new username to be, aka NOT Admin. Use something that will be difficult to guess and not common. Some usernames you’ll want to avoid in addition to “admin” – “webmaster”, “support”, “main”, etc. Additionally avoid usernames that will be easy to guess in relation to your site such as your name, blog name, etc.
- Email Address: Enter the one you want connected to your blog, my guess the one you just delete from your current username.
- Password: Advice on passwords is everything but bears repeating – make it hard to guess, not a common “password1234” kind of thing, use uppercase + lowercase letter, numbers + symbols.
- Role: Be sure to change this from “Subscriber” (the default) to “Administrator” otherwise you won’t be able to finish the process of switching usernames.
The rest you can fill out as you deem necessary and everything except the actual username can be changed later on. Once you’re done, click on the “Add New User” button at them bottom of the page. Once it’s done, you’ll be redirected to the Users page and see both usernames listed.
3. Log Out / Log In
Log out of your current username and log into your brand new username! Once you’ve logged in go to Users -> All Users.
4. Delete Old Username
Now for the scary part. Check the box next to your old username, then from the “Bulk Actions” drop down select “Delete” and then click “Apply”.
You’ll be taken to a new screen, the “Delete Users” screen, and this is super important: this page will ask you want you want to do with all of the user’s content, make sure you check “Attribute all content to” and then select your new username. If you do not do this all of your blog content will be deleted.
WARMING: Yup repeating this because it’s that important. In this screen make sure you check “Attribute all content to:” and then select your new username. If you do not do this all of your content will be deleted.
After you’ve checked, double checked, and tripled checked that all the content will be attributed to the new username, click “Confirm Deletion” and your old username will be deleted. Once WordPress is done deleting your old username, you’ll be redirected to the “All Users” page. Here you’ll see your new username listed and you’ll see the content attributed to this new username as the post count on the right will be a number now instead of 0.
[clickToTweet tweet=”Is your WordPress username hacker-resistant? Learn how to change it with this quick tutorial!” quote=”Is your WordPress username hacker-resistant? Learn how to change it with this quick tutorial!”]
And you’re done!
I realize this seems like a bit of a process and I SO wish WordPress made it a little easier to change usernames by adding an option on there but until then, we’ll have to do it the hard way! The good news is now you’ll have one less thing to worry about regarding the possibility of hackers getting into your blog! 🙂