A standard setup with WordPress will set the intial user to be called ADMIN. While this is convenient to remember, especially if you have more than one blog, it is an unsafe security practice. When someone wants to hack your blog, one of the first vulnerabilities they look for is to see if you are using the ADMIN user. Thus the only thing the hacker has left to figure out is your password.
Don’t make it easy for hackers. Setup a more complex user (that you can still remember) and replace the admin user all together.
- Log into your WordPress account and Click on ADD NEW USERS
- Create a new user with the a strong username (letters and numbers at least) and select the ROLE of ADMINISTRATOR.
- Click on ALL USERS
Here you will see the list of all the users on the account including ADMIN. If you have been blogging or adding to your WordPress website for awhile, you’ll notice a number greater than ZERO under the POSTS column. If the number is ZERO, you can skip to STEP 8 Otherwise you will need to move those posts to another USer or they could be deleted when you delete the ADMIN user.
- To access the posts by ADMIN user CLICK on the number in the Posts Column (in this case it is the number 13).
- Now you can see what posts will need updated to a new USER. Hover over the title of the post and the edit options will appear. Click on QUICK EDIT.
- Under AUTHOR, change from ADMIN to another user. Click on the blue UPDATE to save changes.
- Continue this process until all the posts are changed over to the new USER. You can confirm this by going back to ALL USERS
- In addition, you’ll also want to do this for the pages. Simply go to ALL PAGES and continue with the QUICK EDITS
- Log out of your WordPress Blog or Website.
- Log back in user the NEW USER NAME (do not log in again under ADMIN)
- Click on ALL USERS. Select the ADMIN user. Click on DELETE.
- Be sure to click on ATTRIBUTE ALL POSTS and LINKS to: and select a different user. This will assure that anything you may have missed will be attributed to the new user. Click on CONFIRM DELETION.
- Now your ADMIN user is deleted and your blog or website is one step more secure from hackers.
Now that we have one security issue resolved. Your WordPress blog or website is better protected from those nasty hackers.
Do you have others? Comment below on your own security concerns as well as how this worked for you.