How to change your WordPress admin username

So after my post on why you should change your WordPress admin username, my friend Brad asked me how to go about changing it. So here’s a brief run down.

  1. Log in to your WordPress admin area.
  2. In the Users menu, click on “add new”.
  3. Fill in the info for the new user account. 
    • You’ll need to use a different email address than what you used for the “admin” username.
    • Make sure you change the role to “Administrator”.
    • Choose a new user name that is different than the name you publicly display on your blog. For example, I wouldn’t use “jen” as my username – because that would be too easy for someone to guess.
    • Choose a strong password.
  4. Click on the ”Add User” button.
  5. Log out of WordPress.
  6. Log in to your WordPress again, using your new username.
  7. Click on “Users” in the “Users” menu.
  8. Move your mouse over the “admin” row. You’ll see links for “Edit” and “Delete”. Click on “Delete”.
  9. Select “Attribute all posts to” and then select your new username from the drop-down list. Make sure you select this option — so all your posts don’t get deleted!
  10. Click on the ”Confirm Deletion” button.

Now that you’ve changed your admin username — all your blog posts that were created using the “admin” username will be reassigned to your new username.

WordPress Security: change admin username

In 2012, my site was exploited, along with many other wordpress sites using outdated versions of TimThumb, a popular PHP-based image resizer. Apparently, their main goal was to use our sites as launch pads to go after major U.S. banks. After clearing out all the junk, I tried using a WordPress plugin called BulletProof Security, and everything seemed to work well.

Recently, I switched over to Better WP Security. I checked the logs and looky what I found:

Better WP Security - View Logs ‹ — WordPress

Several reports say that there was a huge botnet attack on WordPress sites To steal admin passwords and gain server access. Looks like it was a brute-force dictionary-based attack that aim to find the password for the ‘admin’ account that every WordPress site sets up by default. Good thing one of the first things I do on any WordPress installation is change the “admin” username.

Protect your WordPress installation:

  1. If your username is currently set as “admin”, change it to something custom.
  2. Change/strengthen your password.
  3. Make sure you’ve deactivated and deleted all old or unused themes and plugins.
  4. Install a plugin to limit login requests.  I just installed the appropriately titled Limit Login Attempts WordPress plugin.

Note to self: stay vigilant with WordPress security.
Next, read “how to change your WordPress admin username.”