For those who are relatively new to WordPress and the administration section of a self-hosted WordPress blog, there is one great security tip that the majority of people will tell you right away: ditch that admin account ASAP!
Those who are not setting up a new blog but are still using the default ‘admin’ username (shame on you) should look at changing it too. I thought at first it might be hard to do and have the potential to screw things up, but fear not, it is really simple. The following steps can be used by both new and veteran users of a self-hosted WordPress blog who are still using the default admin account.
Step 1: Create A New User Account
That’s right, go into your Dashboard -> Users -> Add New. Fill out all the information listed on the form. Make sure you select Administrator as the Role of this new account, though!
Step 2: Log Out and Log In with New Account
Log out of the default admin account and log in with your newly created account. Then go to Dashboard -> Users -> Authors & Users.
Step 3: Delete admin Account
Select the default admin account and choose Delete in the Bulk Actions. Ensure you only have the admin account selected, then click Apply.
You will then be prompted by a confirmation screen. Select the appropriate username to attribute all posts and links to. This ensures that your previous posts are not deleted and that your new account becomes the author of all of them.
There you have it, 3 easy steps to secure your WordPress blog a bit more.
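The same three steps can also be scripted with WP-CLI, shown here as an added example that is not part of the original post. It assumes WP-CLI is installed and run from the WordPress root; the function name `replace_default_admin` and its login and e-mail arguments are hypothetical.

```shell
#!/bin/sh
# Added example: the Dashboard steps above, done with WP-CLI.
# Assumes `wp` is on PATH and the current directory is the WordPress root.
# replace_default_admin NEW_LOGIN NEW_EMAIL  (both arguments are placeholders)

replace_default_admin() {
    new_login=$1
    new_email=$2

    # The replacement must not reuse the default name.
    [ "$new_login" != "admin" ] || { echo "pick a different username" >&2; return 1; }

    # Nothing to do if the default account is already gone.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "no 'admin' account found"
        return 0
    fi

    # Step 1: create the new account with the Administrator role.
    # With no --user_pass, WP-CLI generates a password and prints it once.
    if ! wp user get "$new_login" --field=ID >/dev/null 2>&1; then
        wp user create "$new_login" "$new_email" --role=administrator || return 1
    fi

    # Step 2 stand-in: confirm the replacement really is an administrator
    # before the only other admin-capable account is removed.
    roles=$(wp user get "$new_login" --field=roles | tr -d ' ') || return 1
    case ",$roles," in
        *,administrator,*) ;;
        *) echo "$new_login is not an administrator; keeping admin" >&2; return 1 ;;
    esac

    # Step 3: delete admin and attribute its posts and links to the new account.
    new_id=$(wp user get "$new_login" --field=ID) || return 1
    wp user delete admin --reassign="$new_id" --yes || return 1
    echo "admin removed; content reassigned to $new_login (ID $new_id)"
}
```

Call it as `replace_default_admin NEW_LOGIN NEW_EMAIL`, then log in with the new account and change the generated password.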
Why Do This?
Think of all the WordPress blogs out there. If you leave the default settings, you give a potential hacker one username to use in their attack to gain access to your backend. Remove that account and you make it much harder for someone to crack the password of the account you use to administer your WordPress blog, because they now have to guess the username as well. Yes, this isn’t a foolproof method, but it does make it a bit harder to hack your administrative account.
So please ditch that default admin account!