Changing the default user name from “admin” is the first step in blocking hackers and making your WordPress site secure.
Several years ago I noticed that the back-end performance of some of my WordPress sites was poor. The weird thing is that it wasn’t continuously running slowly. It was an intermittent problem that I simply contributed to poor internet speed or even browser issues? Occasionally a site would be ridiculously slow and almost impossible to update a page or post. WordPress is a great content management system, but I was beginning to think that it may be time to look into using something else. Then I discovered something.
One day I was making some edits to a website and it was really, really slow. I would select the update page option and the little update wheel would spin, and spin, and spin… I decided to log in to another site. I tried updating a page at the other site and it happened almost instantly. I realized that it was a site specific issue, not WordPress or anything else. I had to see what was inhibiting the performance of my website.
Monitoring 404 Errors for Your Website
I decided to install a WordPress security plugin that monitors the site. I read that by monitoring 404 errors, you can see what may be affecting its performance. I installed the plugin and gave it until the next morning to gather data.
The next morning I was amazed to see hundreds of 404 errors! Many of them were attempts to login to the default www.yourdomain.com/wp-admin.php?, and using the default username of “admin”. Back then I was using the default “admin” username, as well as the default login url. I needed to change some things, and fast!
At this point any would be hackers were already half way in to my site. All they needed to do was figure out the password. As many of you may or may not know, there are servers that run programs that will attack a website and ultimately figure out any password, so securing the username was critical for security purposes. However, simply changing the username was only fixing part of the problem. I also had to keep them away from the login area altogether!
Changing the Default “admin” Username in WordPress
Not only is it important to change the default username on your new WordPress installation, but you should also make certain that you do the following.
- The username is a combination of letters, numbers, and characters.
- The username is different from your “nicename”. (More on the nicename below)
(Please note that it will be necessary to have access to the back-end of your WordPress site. You will also need access to the database in the phpMyAdmin manager of cPanel.)
Once you have access to these two areas you can perform the following steps:
First. Log in to the back-end of WordPress and select -> users -> your profile:
Fill in your name and nickname however you wish. You can use your real name, a pseudonym, or whatever you wish.
Then select the name you wish to use under the “Display Name Publicly as” dropdown.
Save your changes.
Second. Now you will need to log in to the cPanel server to access the WordPress database. (You will need to know the database name.) Once in cPanel, look for the phpMyAdmin and select it:
Third. Once you are redirected to the phpMyAdmin console, look for the database for your website and select it. The database tables will open in the right viewing pane.
Fourth. Search through the tables and find “wp_users” – which is typically towards the bottom of the list of tables.
Fifth. Once the wp_users table is selected, find and click on the “edit” pencil to open the table.
Changing the User Login Name
NOTE: Before you edit the user_login name, I strongly recommend using a text document to save and log all of your changes. Often times I will also take a screenshot of the open table and save it before making any changes.
Using a text document, I typically copy and save all existing entries, then make a copy of it to below the existing entries in the same text document. I then make the edits and save before making any changes in the database. This way there is no possible way of losing the data should something go wrong. I have both the original data and the new data saved. If for some reason something doesn’t work and you can’t log in to your website, you can always change it back and try the steps over again.
Another useful tip is that, when changing the user_login via phpMyAdmin, you are unlimited when it comes to using letters, numbers, and special characters. Although you cannot use special characters when creating your WordPress site with software such as “Quick Install,” implementing special characters using this method helps increase security.
Don’t be shy — use something like: #mY!Website-LoGiN$42 for a user_login.
Sixth. Once you are in the wp_users table, you will see several lines. You are only concerned with editing two of them:
*NEVER change the password via phpMyAdmin! It is encrypted in the table and you will be locked out of your website.
Note that the bottom line, display_name will reflect the change you made when you were editing your user profile in the back-end of WordPress.
Seventh. Once you make the changes, save them. Make sure the left drop-down is on “save” and select the “Go” button.
Now you’re website no longer has the default “admin” for a user name and your site is less vulnerable to being hacked.
The next step is to change the login URL so would be hackers cannot even attempt to log in to your website!