How to change "default" Admin user name in WP as a security measure

Genesis

Administrator
Staff member
WordPress websites are known to be targets of hackers, and one of their techniques is to perform a brute force attack on the account by using the default WP admin username. This way they can retrieve the password, change the password and gain access and "ownership" of the website to do their evil deed. So a security precaution would naturally be to change the default administrator username "Admin" to a different one that would be very difficult for the hacker to figure out. In addition, it is equally important to make certain that the display name with which blog articles are written is different from the Admin user name.

Here is how it is done:

1. Log into your WP admin panel using your admin account.
2. Go to your Dashboard Panel and select "users" (in left panel)
3. Click on "Add a New User"
4. Add a challenging New User Name to the form
5. Choose Administrator in the "Role" drop down menu
6. Enter a VERY STRONG web password
7. When finished click on "Add New User"
8. Now log out of the "Admin" account
9. Log in again using the new WP Username
10. Select Dashboard Panel and click on "users" again.
11. From the users list tick the box of the previous username "admin"
12. Select the "Delete" option from the drop-down menu
13. Next, you'll be asked about the articles posted under the "admin" user name that you want to delete.
Select the option: "Attribute all posts and links to:" and select your new administrator password.
14. When ready, click on "Confirm Deletion".

This way the default WP username has been successfully deleted and the security level of your blog has been increased.

A second security precaution is to make sure that the display name of your new user account is different from the user name when you are publishing your articles, as hackers could easily figure out what the new admin username is by just checking the articles.

1. Go to your Dashboard again - select Users
2. Select "Your Profile"
3. Scroll down the "Your Profile" screen to the "Name" area
4. Fill in your first name, last name and nick name
5. Make them all REALLY creative so WP can create interesting combos out of them
6. Now click on the drop-down menu next to Admin and there will be a combo of names you could select.
7. This display name is automatically generated by WordPress based on what you put in the First Name, Last Name and Nickname fields. So if you don't like them you could go back and change the names in your profile.
8. The variation you select will become your new display name.
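
Added example, not part of the original post: a small Python check that audits a user list for the two conditions the tutorial above sets out to remove, an administrator still using the default login and an administrator whose display name gives away the login. The rows are constructed sample data shaped like the `wp_users` columns; the `role` field and the function names are assumptions made for the example.

```python
import re

# Constructed sample rows using wp_users column names (ID, user_login,
# display_name). "role" is an assumption added for brevity: WordPress
# stores roles in wp_usermeta, not in wp_users.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "admin", "display_name": "admin",
     "role": "administrator"},
    {"ID": 2, "user_login": "k7-orchid-vale", "display_name": "Morgan Reyes",
     "role": "administrator"},
    {"ID": 3, "user_login": "Site_Owner", "display_name": "site owner",
     "role": "administrator"},
    {"ID": 4, "user_login": "jsmith", "display_name": "jsmith",
     "role": "subscriber"},
]

# The default administrator login named in the tutorial.
DEFAULT_LOGINS = {"admin"}


def _norm(value):
    """Lower-case and drop punctuation/spaces so 'Site_Owner' == 'site owner'."""
    return re.sub(r"[^a-z0-9]", "", value.casefold())


def audit_users(users):
    """Return (ID, finding) tuples for administrator accounts only."""
    findings = []
    for user in users:
        if user["role"] != "administrator":
            continue
        login = _norm(user["user_login"])
        shown = _norm(user["display_name"])
        if login in DEFAULT_LOGINS:
            findings.append((user["ID"], "default-login"))
        # A display name that normalises to the login reveals it on every post.
        if shown and shown == login:
            findings.append((user["ID"], "display-name-reveals-login"))
    return findings


if __name__ == "__main__":
    for user_id, finding in audit_users(SAMPLE_USERS):
        print(f"user ID {user_id}: {finding}")
```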
 

Sander k

New member
You should also change the member number 1 in your MySQL database to something else.

As member number 1 is always the admin.
 

Genesis

Administrator
Staff member
Great idea! So one would then repeat the tutorial. Before creating an Admin Account with a new name, create a couple or more fictitious new members first with no Admin status so they would be numbers 2, 3, 4 or more. Then create the second account with Admin status. And then delete the first Admin account. So the newly named Admin account will no longer be in the first or second position.
 

jakarta

New member
Another option: please secure your wp-admin by allowing access to it by IP.

Another option you can see here:

h++p://blogvault.net/wordpress-security-1-securing-wp-config-php/
 

Hazem

Member
There are plugins to secure the whole of WordPress:
change admin, admin ID, the default wp_, also time the availability of the admin area, ban spammers' IPs, change the wp-content folder and a lot more...

1-better-wp-security
2-bulletproof-security
3-secure-wordpress

Check them.
 

admin

Administrator
Staff member
Here's a great blog post I found regarding making your WordPress more secure.

The Definitive Guide to WordPress Security

Run secure, stable versions of your web server and any software on that server.
Have a server-level firewall.
Keep your server under lock and key. Only your IT team should have access.
Never, ever access your server from an unsecure network.
If you need to FTP in, use SFTP via a reputable program (I like FileZilla).
Make sure your MySQL installation is as secure as possible.
Always create a unique database for each blog installation, and make sure your database table DOES NOT begin with wp_.
Backup your database and other files as often as possible, especially right before you make a change (there are plenty of options for this, such as CodeGuard and VaultPress).
And, of course, make sure your passwords are both complex and not used elsewhere.

There's more to this, but those are the biggies. If you want a lot more detail, go here.

http://moz.com/blog/the-definitive-guide-to-wordpress-security