
WordPress Simple Security — Replace the “admin” account

by Dave Doolin on March 2, 2009 · 5 comments


It’s easy. Here’s how…

WordPress comes with a default user account named “admin”, which has full administrator privileges.

Remove the “admin” account to help prevent malicious hackers from ruining your website.

NOTE: AS USUAL, BACK UP EVERYTHING BEFORE PROCEEDING! (Only takes a couple of minutes!)


Here’s how.

  1. Log in as the “Admin” user.
  2. Pull down the “Users” menu on the administration page.
  3. Click on “Add New.”
  4. Add a new user, and set its permissions to “Administrator.”
  5. Save the changes, and log out.
  6. Log back in as the new user.
  7. Go to “Users > Authors & Users.”
  8. Select the “Admin” user.
  9. Use the pulldown menu for Bulk Actions to select “Delete.”
  10. Click on “Apply.”
  11. You will be taken to a page that allows you to either delete all of that user’s posts, comments, etc., or assign them to another user. In this case, you want to assign all your existing posts from the “Admin” user to your new user, which you can do by selecting that choice, then selecting the appropriate user.
  12. Press “Confirm Deletion” and you’re done.

Now, automated hacker scripts have to figure out a user name before they can even get started on cracking your password!

This procedure takes only a few minutes, and you should do it as your first security action after installing WordPress.
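The same procedure can be scripted from the command line. This is an added example, not part of the original post: it assumes WP-CLI (the `wp` command) is installed and run from the WordPress directory, and `replace_admin`, `NEW_LOGIN` and `NEW_EMAIL` are illustrative names.

```shell
#!/bin/sh
# Added example (not from the original post): the dashboard steps done with WP-CLI.
# Assumes the `wp` command is installed and this runs from the WordPress directory.
# replace_admin, NEW_LOGIN and NEW_EMAIL are illustrative names.

replace_admin() {
    new_login="$1"
    new_email="$2"

    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_admin NEW_LOGIN NEW_EMAIL" >&2
        return 2
    fi

    # A replacement that is still called "admin" (any case) gains nothing.
    lowered="$(printf '%s' "$new_login" | tr '[:upper:]' '[:lower:]')"
    if [ "$lowered" = "admin" ]; then
        echo "choose a login other than 'admin'" >&2
        return 2
    fi

    # Nothing to do if the default account is already gone.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "no 'admin' account found"
        return 0
    fi

    # Steps 3-5: create the new administrator. WP-CLI prints a generated password.
    wp user create "$new_login" "$new_email" --role=administrator || return 1
    new_id="$(wp user get "$new_login" --field=ID)" || return 1

    # Check the role first, so the site is never left without an administrator.
    roles="$(wp user get "$new_login" --field=roles)" || return 1
    case "$roles" in
        *administrator*) ;;
        *) echo "new user is not an administrator; aborting" >&2; return 1 ;;
    esac

    # Steps 8-12: delete "admin" and assign its posts to the new user.
    wp user delete admin --reassign="$new_id" --yes
}

# Usage (after a backup): replace_admin NEW_LOGIN NEW_EMAIL
```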

The Upshot…

Fast, easy security that takes 5 minutes

The default “admin” user name created by WordPress on installation is the first point of attack by malicious hackers intent on hijacking your blog and ruining your search engine standings. Changing the administrator name takes about 5 minutes and is the first line of defense.

Take action now: replace the admin user with a different administrator name.





{ 4 comments }

Carlos Velez January 20, 2010 at 4:26 am

I tried deleting my admin account the other day, and again this morning, and was greeted with this message:

You have specified these users for deletion:

ID #1: admin The current user will not be deleted.
There are no valid users selected for deletion.

I created a new user with admin role, selected the “admin” account, chose delete from the drop down menu, and voila.

Is this an option WordPress eliminated? Maybe to keep dummies like me from killing their account?

Dr Wordpress! January 20, 2010 at 9:05 am

You were most likely logged in as “admin” user, and you can’t delete yourself when logged in.

Carlos Velez January 20, 2010 at 5:42 pm

Ha! That was it. I choose to see this, not as a reflection of my inability to follow directions carefully, or even as a measurement of my common sense, but rather as a testament to your evil genius!

Dr Wordpress! January 20, 2010 at 5:44 pm

Wait ’til you get a load of what’s coming tomorrow.
