Why Change the Admin userid on a WordPress site?

If you do not it makes it much easier for Cybernasties to be able to break into your site. If admin is your UserID then all they need to guess is your password, and that is simpler than you think.

Is Changing the Admin userid on Wordpress hard?

No simply follow this: Go to the Users Menu on your WordPress site Create a NEW userid, and call it what you wish (e.g. ThisIsNotAdmin ) that has Admin privileges, and give this user id a good password (not that crappy one you use for most sites) Log out of your Admin account, and try to log in with your new Admin UserID. Make sure you can do all you want and that it is an Admin account (be sure before you do the next step). From your new Admin userID, delete the Admin user id (maybe after you have done a complete backup of your site just to be paranoid).

WordPress Danger: Admin is NOT your Admin Log in Is It?

Big Cajun Man

2 years ago

So you’ve bitten the bullet and gone with WordPress for your website system, good for you! I swear by this method and have consistently used it for many years. While I acknowledge that other methods may work, I am most comfortable with this one. To enhance the security of your system, it’s imperative to change the Administrator account. Why? Simply put, I have observed multiple attempts to log into my system using Wordfence.

Hanoi, Vietnam, attempted a login with an invalid username, “admin.”

IP: 125.212.220.77 [unblock]

43 seconds ago

Japan attempted a failed login using an invalid username “admin”.

IP: 133.242.22.177 [block]

10 minutes ago

Sibiu, Romania attempted a failed login using an invalid username “admin”.

IP: 46.214.107.142 [block]

Hostname: 46-214-107-142.next-gen.ro

20 minutes ago

United Kingdom attempted a failed login using an invalid username “admin”.

IP: 213.229.121.124 [block]

21 minutes ago

Istanbul, Turkey attempted a failed login using an invalid username “admin”.

IP: 193.255.83.100 [block]

Hostname: www.beykoz.edu.tr

29 minutes ago

Some of the nasty IP addresses attacking my site in the last 30 days

I want to clarify that I haven’t attempted to log in from any of these countries. However, I have noticed that all of the login attempts made use the username ‘Admin‘. This is a common tactic many hackers use as it is one of the most vulnerable attack vectors.

How to Remove Admin from WordPress?

Go to the Users Menu on your WordPress site
Create a NEW userid, and call it what you wish (e.g. ThisIsNotAdmin ) that has Admin privileges, and give this user id a good password (not that crappy one you use for most sites)
Log out of your Admin account, and try to log in with your new Admin UserID. Make sure you can do all you want and that it is an Admin account (be sure before you do the next step).
From your new Admin userID, delete the Admin user ID (maybe after you have done a complete backup of your site, just to be paranoid).

That is it. You have shut down the first attack vector for hackers, so your site is a little more secure (but don’t get cocky; there are many other ways into your site, this is just shutting off one of the easiest to attack).

Why is admin a bad user ID to have on your WordPress system

It is the default, and thus “script kiddies” and even nastier folks already have 1/2 of your login capability; all they need to do now is guess your password. It is 1/3 if you have 2 Factor Authentication. No, Admin1 is not a good choice as a replacement.

Will this stop hackers

This will stop a few of the less sophisticated ones, but most will simply start user ID guessing too. Good security on a site is never just one thing. Keep your system up to date, and make sure you have a security Plug In of some sort