WordPress Simple Security --- Replace the "admin" account

WordPress Simple Security — Replace the “admin” account

(Reading time: 2 – 2 minutes)

It’s easy. Here’s how…

WP comes with a default user account named “admin” which has full administrator privileges.

Remove the “admin” account to help prevent malicious hackers from ruining your website.

NOTE: AS USUAL BACK UP EVERYTHING BEFORE PROCEEDING! (Only takes a couple of minutes!)

Hey! You're in the middle of the Website In A Weekend eCourse. Learn how to create and operate a complete WordPress-based website in a single weekend. Start here: Website In A Weekend: Friday Evening - Off to the Races. (If you already have a blog... "audit" the eCourse... you'll find plenty to do.)

Here’s how.

Login as “Admin” user.
Pull down the “Users” menu in administration page.
Click on “Add New”
Add a new user, set your permissions to “Administrator”
Save the changes, and log out.
Log back in as the new user.
Go to “Users > Authors & Users”
Select “Admin” user.
Use the pulldown menu for Bulk Actions to select “Delete.”
Click on “Apply”
You will be taken to a page that allows you to either delete all of that users posts, comments, etc, or assign them to another user. In this case, you want to assign all your existing posts from the “Admin” user to your new user, which you can do by selecting that choice, then selecting the appropriate user.
Press “Confirm Deletion” and you’re done.

Now, automated hacker scripts have to figure out a user name before they can even get started on cracking your password!

This procedure takes only a few minutes, and you should do it as your first security action after installing WordPress.

The Upshot…

Fast easy security, takes 5 minutes

The default “admin” user name created by WordPress on installation is the first point of attack by malicious hackers intent on hijacking your blog and ruining your search engine standings. Changing the administrator name takes about 5 minutes and is the first line of defense.

Take action now: replace the admin user with a different administrator name.

Comments

Carlos Velez says:

January 20, 2010 at 4:26 am

I tried deleting my admin account the other day, and again this morning, and was greeted with this message:

You have specified these users for deletion:

ID #1: admin The current user will not be deleted.
There are no valid users selected for deletion.

I created a new user with admin role, selected the “admin” account, chose delete from the drop down menu, and voila.

Is this an option WordPress eliminated? maybe to keep dummies like me from killing their account?
.-= Carlos Velez´s last blog ..Clarity Through A Shot of Tequila Wisdom. I Am A Victim. I Am A Prostitute. =-.

Dave Doolin says:

January 20, 2010 at 9:05 am

You were most likely logged in as “admin” user, and you can’t delete yourself when logged in.

Carlos Velez says:

January 20, 2010 at 5:42 pm

ha! that was it. I choose to see this, not as a reflection of my inability to follow directions carefully, or even as a measurement of my common sense, but rather as a testament to your evil genius!

- Dave Doolin says:
  
  January 20, 2010 at 5:44 pm
  
  Wait til you get a load of what’s coming tomorrow.
  
Rob McCance says:

December 13, 2010 at 9:58 am

Dave,

I know this post if from March 2009, but I just discovered it and followed it’s advice on all three of my sites.

Also had my brother do the same with his sites.

Deleted the default admin account and changed the default uname and pass to something much more difficult on all three.

Nothing like giving away the uname to hackers on all your sites!

“admin”
Rob McCance´s last post ..Atlanta Real Estate and Atlanta Homes

- Dave Doolin says:
  
  December 13, 2010 at 11:03 am
  
  Rob, these articles are evergreen by design. Glad to be of help!
  Dave Doolin´s last post ..Why SEO matters more than you think – Saturday Morning Surfing