fbpx
Skip to content

WordPress Danger: Admin is NOT your Admin Log in Is It?

So you’ve bitten the bullet and gone with WordPress for your Web Site system, good for you! I swear by this method and have consistently used it for many years. While I acknowledge that other methods may work, I am most comfortable with this one. To enhance the security of your system, it’s imperative to change the Administrator account. Why? Simply put, I have observed multiple attempts to log into my system using Wordfence.


Vietnam Hanoi, Vietnam, attempted a failed login using an invalid username “admin.”

IP: 125.212.220.77 [unblock]
43 seconds ago
Japan Japan attempted a failed login using an invalid username “admin”.
IP: 133.242.22.177 [block]
10 minutes ago
Romania Sibiu, Romania attempted a failed login using an invalid username “admin”.
IP: 46.214.107.142 [block]
Hostname: 46-214-107-142.next-gen.ro
20 minutes ago
United Kingdom United Kingdom attempted a failed login using an invalid username “admin”.
IP: 213.229.121.124 [block]
21 minutes ago
Turkey Istanbul, Turkey attempted a failed login using an invalid username “admin”.
IP: 193.255.83.100 [block]
Hostname: www.beykoz.edu.tr
29 minutes ago

Wordpress some of the nasty IP Addrs attacking
Some of the nasty IP addresses attacking my site in the last 30 days

I want to clarify that I haven’t attempted to log in from any of these countries. However, I have noticed that all of the login attempts made use the username ‘Admin‘. This is a common tactic many hackers use as it is one of the most vulnerable attack vectors.

Wordpress staging site close up shot of a typewriter plug-ins
Keep your WordPress configuration Safe

How to Remove Admin from WordPress?

  • Go to the Users Menu on your WordPress site
  • Create a NEW userid, and call it what you wish (e.g. ThisIsNotAdmin ) that has Admin privileges, and give this user id a good password (not that crappy one you use for most sites)
  • Log out of your Admin account, and try to log in with your new Admin UserID. Make sure you can do all you want and that it is an Admin account (be sure before you do the next step).
  • From your new Admin userID, delete the Admin user id (maybe after you have done a complete backup of your site just to be paranoid).

That is it. You have shut down the first attack vector for hackers, so your site is a little more secure (but don’t get cocky, there are many other ways into your site, this is just shutting off one of the easiest to attack).

2 thoughts on “WordPress Danger: Admin is NOT your Admin Log in Is It?”

  1. This is great advice and I’m sure there are people out their reading this and going “Oh sh!t” and rushing to change their admin log in. I worked in software management so new better from the get-go but many might not have thought of it.

    I have a question you might know the answer to. My husband Razz and I each have an admin account. Mine was the first and I created his giving him admin status. However there are things he cannot do where he gets an error stating that only admin can do it. Sorry I can’t think of an example right now but it is very frustrating as I want him to have full access as well as me. Hope that made sense and you have an answer for me.
    Roze

    1. Not really sure, haven’t delved that deeply into WordPress. My guess there is only one ADMIN userid, and you are it. Maybe check the WordPress Subreddit? WordPress.org message boards too.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.