≡ Menu
Jupiter Jim’s Marketing Team

How to Change WordPress ‘admin’ username for Security Reasons

Blog Hackers try “admin” username First!

If a hacker tries to break into your account, they assume that your WordPress login username is “admin”.   If they are correct, then they have a better chance of breaking into your WordPress blog or website. Now they only need to guess the correct password. So to make your site safer, simply change the “admin” username to something else!

Who Cares about WordPress Security?

In the beginning of April 2013, there was a wave of hack attacks on WordPress blogs and websites.  If you were not affected, consider yourself LUCKY not SMART!   Here’s some more information on the recent Brute-Force attacks on WordPress blogs and websites.  The point is to prepare yourself for the next wave of attacks!

What are Brute Force Attacks?

Brute-force attacks on WordPress sites are basically computer programs that try thousands of different usernames and passwords on the WordPress website login page until they get a combination that works.  These software programs try many different WordPress login username and password combinations on random sites, until it finds a login / password combination that works. Don’t let that happen to your WordPress website.

Many times these programs will assume that your WordPress login username is “admin”.   This is an excellent guess at your username because so many WordPress blogs and websites have this login username as the default.  So now the computer software program only has to guess the password that you used in combination with the login username called “admin”.  You’ve just made the job of hacking into your site significantly easier for the hacker and their automated software programs. You don’t want to do that!

So the first step you should take in making your WordPress website more secure is to simply change the login username from “admin” to something else.

Here’s another great post from a great blogger Nile Flores about Brute-force attacks on WordPress sites and some other things you can do to keep your site safe.

I just got an email today from the developer of one of my favorite WordPress Security Plugins — Wordfence.  The email contained the following excellent written steps for changing the WordPress login username.

To rename your WordPress ‘admin’ user:

  1. Sign in as ‘admin’.
  2. Create a new user in your WordPress site.
  3. Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
  4. Make sure that the new user’s role is “administrator”.
  5. Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. (symbols like: #@%&*^).  Never use the word ‘password’ in your password, even if it has a different case and includes numbers.
  6. Click “Add new user”.
  7. Logout as ‘admin’.
  8. Login as the new user.
  9. Delete your old ‘admin’ user and assign all posts/pages/comments to your new admin user.
  10. Congratulations, you now have a more secure WordPress system.

 Video Tutorial on Changing “admin” User

In the video below, I have created a short, simple video tutorial on how to change the “admin” username on your WordPress website:

And here’s another recent post from WPBeginner on how to change your WordPress username using phpmyadmin and your WordPress MySQL database.

Please leave a comment to share your experiences or let me know what you think of the video.   Thanks!


Article Written by Jim Landers aka “Jupiter Jim”



facebooktwittergoogle_pluspinterestlinkedinmailby feather

35 comments… add one

  • Hey Jim,

    Come to think of it, many WordPress sites usernames are “admin” and like what you’ve said, it has a bigger chance to be hacked down because it is very common. Well, from a saying that goes “prevention is better than cure”, it very fits well in situations like this and that “us” (I also use wordpress) should prepare our sites with security and care for we may never know when this Brute-force attacks or other hacking software’s or systems will try and attack our sites again. Changing usernames would be a good solution for it. By the way, thanks for sharing how to change usernames in WordPress powered sites. It would definitely help a lot of people who uses WordPress.
    Farrell John Conejos recently posted..Celebrity Worship Syndrome: How Far Can A Fan Go?My Profile

  • Yorinda

    Hi Jim,
    thanks for the very helpful post and video.

    Fortunately, I had changed this long before the attacks were happening.
    A while someone mentioned that it also would be good to delete it in your files on your hosting account??

    I will share this so more people can get this useful information.
    Yorinda recently posted..How coconut oil may benefit your healthMy Profile

  • Thank you, Jim! You provided some vital and valuable advice and I appreciate it!
    George Zapo recently posted..Why do people celebrate Earth Day?My Profile

  • Jim, thanks so much for this tutorial! I’ve read so many times that we need to change from admin to a different user name, but I was too overwhelmed with the How. Thanks for showing us the way!

  • jun

    Thanks for this security tip… a very useful for every site owners that use wordpress as platform….nice share

  • Thanks for this handy tutorial Jim. I use a variety of user names, and haven’t had one called admin for a long time – but as you correctly point out this can be set in place for you when you auto install WordPress. You can sometimes change it at this level, so keep an eye out on your new installations.
    Sarah Arrow recently posted..Bloggers: How to Tweak Sales Page Headlines To Get Better ResultsMy Profile

  • Hi Jim,
    so glad you were able to help me today with my login for my website – you changed the username – thank you!!

    Clare recently posted..Network Marketing Success: How to Professionally Invite Someone?My Profile

  • hi Jim,

    checking again. hopefully I am getting lots of credit for this one!!

    Clare recently posted..Network Marketing Success: How to Professionally Invite Someone?My Profile

  • As web designer I’m amazed at how many people keep their usernames as “admin”. It’s very important to have something different, thanks for sharing these tips on how to accomplish that!
    Boca Raton Web Design recently posted..Why a professionally designed Logo is important to your businessMy Profile

  • This is so cool! Thanks a lot Was wondering how to do this.

  • I REALLY appreciate this info. I am new to WordPress, and you helped me set up my website to how I wanted it. Makes it more personal having a real name rather than “admin”. Thanks
    saanvi recently posted..Work and play.. so true storyMy Profile

  • very good tips on security. changing your password from time to time it’s also a good idea.
    daniel recently posted..Managing your own career in today’s labour marketMy Profile

  • Hi Jim! I did change my password as well as added a security plug in but never knew that I should also change my user name. Now I know how to do it too.. Thanks for the great information.. Chery :)
    Chery Schmidt recently posted..How Can We Reach Those Goals?My Profile

  • I’m a new blogger and just subscribed to yours — thanks for the bonuses and the really useful videos you’ve made.

    As far as changing away from admin: my WP theme tells the world that admin posted such-and-such. If I change to abc, I imagine it will say that abc posted such-and-such. Wouldn’t that reduce the security benefit of the name-change considerably? If so, do you know of a work-around?


  • Great tutorial Jim, really easy to follow the steps. I was wondering, at one time I knew of a plugin that would do this for you. It would also go through your whole installation and check to make sure its safe from hackers by changing file permissions and other things. Do you know of one that will do that?
    Clint Butler recently posted..How To Find Your Tribe Who Will Invest In Your ProductsMy Profile

  • Hmm. I know I’ve changed admin on my main blog, but I may need to change the user name on some of my other blogs.
    DeAnna Troupe recently posted..My blog was chosen to be in an infographic about entrepreneur blogs!My Profile

  • of April, all of a sudden a hundred or so of our servers popped up in our monitoring system with abnormally high load. When we dug into it, we found that ALL our servers in the US are under a brute-force attack that targets WP and Joomla sites. The botnets were using more than 1000 different IP addresses per server (we’ve blocked logins of more than unique 92,000 IPs so far) and tried to guess the passwords at a unique pace. At this point I was furious, now it was not about few websites with weak passwords that were hacked, but about endangering our server performance. Our goal now became to stop the attack immediately and once for all. Therefore, I gathered the security team and a few moments later we had a temporary solution that took place immediately and an idea how to permanently stop those botnets, forever. I will not go into details in terms of what we did, cause chances are some of those hackers running those same botnets would read it and will try to outsmart us, but the facts show that for the past 12 hours we have blocked more than 15 million bruteforce attempts (That’s A LOT!) towards our clients and our servers are not experiencing any load issues.
    Joan Hampton recently posted..No last blog posts to return.My Profile

  • Hi Jupiter,
    You are providing valuable tips here. Your tutorial is definitely useful for anyone to follow the step by step guide to change the user name. That is an awesome tip.

    Jupiter, thank you so much for sharing :-)

    Cheers :-)
    Pearly Quah recently posted..Kangen Water® Malaysia – Business Partners WantedMy Profile

  • Jim,
    thanks so much for your great tutorial on how to safegardourselves from what it is called “brute attack” on wordpress… I was one of the LUCKY not SMART smart person who did not get any troubles.. but as you say, I was just Lucky since I did not use the “admin” username…

    I was a way for a while and missed many of your great blog post and tutorials.. hope I will catch up soon and be able to learn much more from you.
    Thanks so much again.
    nick catricala recently posted..23 day meditation at the L.A. ashramMy Profile

  • You make a very good point about changing the admin name. It is not difficult to pick out a Wordpress site, and if you keep the admin login you have just made it a little easier to hack an admin account. There are a lot of Wordpress user who don’t change the name on the “admin” account.
    Aqiyl Henry recently posted..How To Style the Google+ Comments For WordPress Plugin TabsMy Profile

  • With the rash of attacks we’ve had lately, I’ve taken the time to make this change myself. Thank you for this information and explanation on how to get the job done easily.
    bodynsoil recently posted..Brewing Green Single Serve CoffeeMy Profile

  • Any WordPress user could have the ‘admin’ username, but because of it being so highly hacked on, you would have to have a really good and long password to survive from being hacked.

    If you are changing your username from WordPress by creating a new usering and removing the other, remember that if you have a multi-author site, you will have to attribute those posts to a different user either through SQL first OR manually.

    My recommendation is to change the username in the MySQL if your site has more than one author. Of course, I do it regardless as it is much faster and I don’t have to redo passwords, bios, etc…
    Nile recently posted..How to Limit Post Revisions In WordPressMy Profile

  • Yorinda

    Hi again,
    the other day I was sorting out my database in the host back office and I was amazed how many login attempts there were with ‘admin’ or similar ones!

    I will share this again, so more people may get to change this important aspect.
    Thank you so much, Jim! for the great tutorial!
    Yorinda recently posted..Cayenne Pepper may save someones LifeMy Profile

  • Last year almost every week one of my blogs were hacked. This year hacking seems to be less and I have taken some measures to combat it as well. It is terrible to see all sorts of rubbish on your site and you may not realize for sometime that can cause penalties and all sorts of problems for your site.

    Solutions like this only take a minute or less and pretty effective. You can also update your WP site often and thick the box that says “limit the login attempts”. It is always better to be safe than sorry.
    Memtal recently posted..Are Manual Automobiles better than Automatic?My Profile

  • wow… how many people don’t update their username on creation?
    And changing the record in the database without following the chain of records that the original input created is just… wrong. I wouldn’t be giving anyone this advice without a disclaimer. At least it says the easiest way (it should be the recommended way) is to create a new user and attribute all posts to it then make sure that the old user ID isn’t being called from anywhere, if it is update it.
    Amrish recently posted..Ik Pal Yahi Lyrics – Creature 3D | Saim Bhatt,Bipasha BasuMy Profile

Leave a Comment

CommentLuv badge