Most hackers know that the default user account in WordPress is called Admin. To add an extra layer of security, users are advised to choose a username other than Admin. If a hacker already knows what the username is, he only needs to crack the password. By having a unique username, you give the hacker one more obstacle to overcome.
Usernames Cannot Be Changed
The best time to set the username is during a new WordPress installation. The reason you want to do this is because once the admin username is set, it cannot be changed. This has caused confusion among old WordPress users who did their installations when WordPress didn’t allow you to choose a unique username. When going to the user profile in the WordPress admin control panel, they’ll discover they can change pretty much everything but the username.
How To Change The Unchangeable Username
The way to get around this problem is to create a new admin user. The information for the new account will be the same as the old admin account except the username will not be Admin.
Instead of using your name or something that is easily guessable, I recommend you choose an admin name that is like a password. For example, instead of johnchow, I would use something like Xg2tdtSDG389fjehghg. I use a program called 1Password to create my username and password.
After creating the new user, log out of your old admin account and log into the new admin account. Pull up the list of all your users and delete the old admin account (this is also a good time to delete any users who no longer write for you). WordPress will ask you who to attribute the posts from the old admin to. Select the new admin and click confirm.
Instead of changing the username, what you’ve done is created a new username to replace the old username. It would be a lot easier if WordPress simply allowed the changing of a username. Until they do, this is the only way to change it.
If you’re still running the default username on your WordPress blog, I highly recommend you follow the steps above and change it to something else. Read more WordPress security tips in the post How To Secure Your WordPress Blog.
Did you enjoy this post? Get John Chow Dot Com updates via email...
Stay up to date with all of John Chow’s tips for making money online and blog posts by subscribing via email. Your email will be kept private and never shared with anyone.
One of the most common complaint (or excuse) I hear from potential new bloggers is they don’t know how to install WordPress. Terms like FTP and CPanel are like a foreign language and setting up a database might as well be setting up the space shuttle for a launch. Because of the technology barrier, many would-be bloggers never start their blogs...
{ 49 comments }
There’s another easy way. Use phpmyadmin to change the name for user 1.
You can certainly do that but I want to keep this at a new users level and not introduce stuff like phpmyadmin.
Yes for experts there are many ways to do it but for newbie we should keep it as simple as possible so that they can easily implement it.
How to change username in WordPress.
Wrote this post few days ago
I will be really helpful for newbie….will check it out
This is awesome stuff for newbies. not everybody can knows how to do it via phpmyadmin way
Thank you, I am sure that I would mess something up if I went the phpadmin way too. Thanks Mr. Chow!
Thank you John for the insight.
Thats how our blog was changed using phpmyadmin although, this is a more user friendly method
you never change admin’s account but create a new admin account.
That one is certainly a smart move.
Many expert blogger do in this manner and this will be perfect advice for all new bie who started now.
With this post go and read this one as well …
http://www.johnchow.com/how-to-secure-your-wordpress-blog/
I agree, you should definitely change the admin username as well as use some security functions on your blog
WOW! This is a great share John, I’m keen about starting a blog with WordPress but was concerned about the security issues but since you’ve highlighted the most common security problem of WordPress it’s good to know, I’ll be looking forward to see more blogging tips from you.
Security issue will be every where and every platform my dear, if your blog is on internet.
You don’t have much option brother, WordPress is the best CMS and blogging software available.
Its very simple with a SQL Command
UPDATE users SET user_login=’newusername’ WHERE ID=1
Hmm thanks Abhik appreciate to you for this trick .
Noted down, this one is also very useful.
You can do it in phpmyadmin too by viewing the users and clicking edit.
I didn’t realize that we cannot change the username for our word press blog… but for me precaution method is always useful.. thanks for john for this post… and to Abhik, can you please elaborate on how to use that command..
i use cpanel and the only sql thing i see is my sql database , mysql database wizard , and remote mysql..
i am total newbie here..but i like to venture to something specific.. thank in advance for your help
If you have cpanel there should be an option for “phpmyadmin” then you should click on that, and view the mysql database you named your wordpress blog. Once you have done that, click on users and you can edit your admin username.
Hope this helps!
Something that easily about the final users will be the member of common users group, but they still can modify the value for field user name and password, which will let initial
settings lost.
Hey John,
This is a good reminder to keep things as secure as possible. Luckily I didn’t use admin when I was starting my blog and will avoid using it for any new sites.
I agree, great security tip indeed. You can never secure your blog too much.
Oh so its done the same way when you sell your blog to someone!
Like others have said, phpmyadmin is the easiest way to do it, and something that even newbies can handle!
Hi John,
Good advice here. Another loophole want to point out, when ftp your data – in passive mode (set your ftp program — I use Fire ftp —> go to —>> edit —>>connection and remove —> hook left of ‘passive mode’ box (make sure you have ssl connection).
When storing your ftp server password, never store your real password and login (on fire ftp, instead type an additional 3-4 numbers or letters/or both, which easily can be erased during login.
My site was hacked, I did not use admin then, but I used a flimsy password that can easily be hacked.
Now it should be somehow harder, though I don’t want to challenge anyone !, my sql servers are backed up regularly, so if things go wrong, always can get back online. I use three different backup services, wordpress own export file feature, an two other services, plus backing up mysql.
All said, I don’t want to challenge the smart guys out there. I respect those guys for their skills – so – peace !
wordpressed blog africasiaeuro
P.S.: I would not mind if someone could let me know how secure my account really is, but don’t mess up my blog ! thanks.
Will be back here to inform if things went bad or not.
It can also help with SEO, it’s amazing how often the authors name is used in Wordpress
But the way John has explained, it can be done within WP Dashboard, without touching a single piece of code.
Nice information you shared John. Just what I needed right now, especially because it has nothing to do with any code.
thats useful info for future use. thanks a lot for the tip john
good stuff, i changed my username with plugin wp optimize
This is a great post. I never really thought about people hacking into my blog. That’d be horrible. I’ll get mine changed over right away! Thanks for this idea John.
Yup Michael Good Going Glad to know your thinking about people hacking.
Thanks for this article John . It is very useful, hope you will share with us more.
for me also, i want to change the admin name, is there any other way.
Informative post John
Keep doing information post on here 
thanks a lot for sharing your post on here 
Try to have such a difficult password as possible, do not forget that you can use “%(=^ etc. in your password.:)
yes, having a solid password with different characters is the way to go.
Not necessarily see XKCD Password Strength – http://xkcd.com/936/
Ah nice one. I expected you to go into phpmyadmin like a few others pointed out. Definitely much safer to change the username.
When I was a newbie I haven’t deleted the Admin profile, due to that some hacker hacked my site and created another user and got admin privileges. After that he embedded some hidden text into my theme which caused zero hits from Google. To identify the cause I spent almost 1 and 1/2 month ( as a newbie). After noticing the hacking, I read several posts on net about securing wordpress and found a tip to delete Admin first.
So i recommend to delete the default Admin user first after creating another user profile with admin privileges.
This is really an interesting information and tip to change the user name. Thanks John for sharing it.
john, i had clicked the 1password link but it redirect to other site.. is it normal??
Yes there should realize the reader to RSS my feed to RSS commentary, quite simply
you can change using php my admin its very easy
John,
If I click on or hover over your name….I can see your cloaked admin username. So are you just trying to deter robot/algo hackers or ones targeting your site in particular?
That is very easy to use guide here. Thanks.
I have used php admin to change it. Your steps are a lot easier too.