So you’ve bitten the bullet and gone with WordPress for your website system, good for you! I swear by this method and have consistently used it for many years. While I acknowledge that other methods may work, I am most comfortable with this one. To enhance the security of your system, it’s imperative to change the Administrator account. Why? Simply put, I have observed multiple attempts to log into my system using Wordfence.
Hanoi, Vietnam, attempted a login with an invalid username, “admin.”
Japan attempted a failed login using an invalid username “admin”.
Sibiu, Romania attempted a failed login using an invalid username “admin”.
United Kingdom attempted a failed login using an invalid username “admin”.
Istanbul, Turkey attempted a failed login using an invalid username “admin”.
I want to clarify that I haven’t attempted to log in from any of these countries. However, I have noticed that all of the login attempts made use the username ‘Admin‘. This is a common tactic many hackers use as it is one of the most vulnerable attack vectors.
How to Remove Admin from WordPress?
- Go to the Users Menu on your WordPress site
- Create a NEW userid, and call it what you wish (e.g. ThisIsNotAdmin ) that has Admin privileges, and give this user id a good password (not that crappy one you use for most sites)
- Log out of your Admin account, and try to log in with your new Admin UserID. Make sure you can do all you want and that it is an Admin account (be sure before you do the next step).
- From your new Admin userID, delete the Admin user ID (maybe after you have done a complete backup of your site, just to be paranoid).
That is it. You have shut down the first attack vector for hackers, so your site is a little more secure (but don’t get cocky; there are many other ways into your site, this is just shutting off one of the easiest to attack).
Why is admin a bad user ID to have on your WordPress system
It is the default, and thus “script kiddies” and even nastier folks already have 1/2 of your login capability; all they need to do now is guess your password. It is 1/3 if you have 2 Factor Authentication. No, Admin1 is not a good choice as a replacement.
Will this stop hackers
This will stop a few of the less sophisticated ones, but most will simply start user ID guessing too. Good security on a site is never just one thing. Keep your system up to date, and make sure you have a security Plug In of some sort
This is great advice and I’m sure there are people out their reading this and going “Oh sh!t” and rushing to change their admin log in. I worked in software management so new better from the get-go but many might not have thought of it.
I have a question you might know the answer to. My husband Razz and I each have an admin account. Mine was the first and I created his giving him admin status. However there are things he cannot do where he gets an error stating that only admin can do it. Sorry I can’t think of an example right now but it is very frustrating as I want him to have full access as well as me. Hope that made sense and you have an answer for me.
Roze
Not really sure, haven’t delved that deeply into WordPress. My guess there is only one ADMIN userid, and you are it. Maybe check the WordPress Subreddit? WordPress.org message boards too.