How to Change Your WordPress Admin Username & Password – WP Security Tip

The default WordPress username “admin” has been a security weakness for years. Increases in attacks on sites using admin as the username make changing the username mandatory for maintaining security. The plan of attack is simple: find WordPress sites using the default “admin” username and gain access by trying multiple passwords. Once in the front door, they inject a backdoor and create malware on site.

You don’t have to be a technical wizard to change your WordPress admin username. Here is how to do it and improve your WordPress site security in in the time takes to drink a cup of coffee without complex database changes or plugins. Watch the video or follow the instructions below:

Before you begin complete these simple steps and record the info for future use:

Selecting a New WordPress Admin Username and Password

Select Your new user name

Your username should be unique to you.
Attackers know these users names, so do not use any of these:
[wpcol_1quarter id=”” class=”” style=”color: #ff0000;”]admin or Admin
admin1
adm

[/wpcol_1quarter] [wpcol_1quarter id=”” class=”” style=”color: #ff0000;”]aaa
sysadmin
administrator

[/wpcol_1quarter] [wpcol_1quarter id=”” class=”” style=”color: #ff0000;”]user
test
qwerty

[/wpcol_1quarter] [wpcol_1quarter_end id=”” class=”” style=”color: #ff0000;”]manager
root
support

[/wpcol_1quarter_end]

Choose a New Password

2016: Upgrade your password to a passphrase. A passphrase is minimum of 16 characters. It can contain dictionary words and even be all lowercase letters according to Anthony T article author and founder of the online magazine UX Movement. Add complexity to your passphrase by adding a capital letter and a number. His example: design2Code4coffee.
Why Passphrases Are More User-Friendly Than Passwords – Smashing Magazine

The old advice of selecting a password that is at least eight characters long, uses a combination of upper case and lower case letters, numbers and symbols is not as good a bet as using a passphrase or a password generated by a password manager. Look to this article from WordPress.com Support for guidelines in selecting a strong WordPress password: Selecting a Strong Password

Two More Important “Pre-flight” Steps

Have a Second Email Address Ready

You will need another email address as no two users can have the same email address. It doesn’t have to be a “real” email address.

Backing Up Your Site is Recommended

This is always good practice when making changes or updates to your WordPress site. Contact your hosting provider if you need help with that.

Change Your WordPress Username and Password

1. Login into WordPress
2. In the Dashboard menu go to Users and select Add New.
3. Fill out the add new user form.
4. Use the second email address you have selected. You can change it later.WordPress will verify the strength of your new password as strong if it meets the requirements.
5. Select Administrator as the Role. This is important as you will need that level of access to delete the Admin user.
6. Click Add New User.
7. Logout of your site and login using your new user name and password.
8. Select Users.
9. Hover over the Admin row and click on the Delete link.
10. STOP BEFORE YOU PUSH THAT DELETE BUTTON! Select Attribute all posts and links to your new username. Failing to do so will delete all your posts.
11. Click Confirm Deletion
12. Open your new user account and change the email address to the original.

There you have it in the time it takes to drink a cup of coffee; you have changed your username and increased your site’s security. If you want help doing this call Artizon Digital. Need to get started with a WordPress website? Artizon Digital can get you going on that too.