Most hackers know that the default user account in WordPress is called Admin. To add an extra layer of security, users are advised to choose a username other than Admin. If a hacker already knows what the username is, he only needs to crack the password. By having a unique username, you give the hacker one more obstacle to overcome.
Usernames Cannot Be Changed
The best time to set the username is during a new WordPress installation. The reason you want to do this is because once the admin username is set, it cannot be changed. This has caused confusion among old WordPress users who did their installations when WordPress didn’t allow you to choose a unique username. When going to the user profile in the WordPress admin control panel, they’ll discover they can change pretty much everything but the username.
How To Change The Unchangeable Username
The way to get around this problem is to create a new admin user. The information for the new account will be the same as the old admin account except the username will not be Admin.
Instead of using your name or something that is easily guessable, I recommend you choose an admin name that is like a password. For example, instead of johnchow, I would use something like Xg2tdtSDG389fjehghg. I use a program called 1Password to create my username and password.
After creating the new user, log out of your old admin account and log into the new admin account. Pull up the list of all your users and delete the old admin account (this is also a good time to delete any users who no longer write for you). WordPress will ask you who to attribute the posts from the old admin to. Select the new admin and click confirm.
Instead of changing the username, what you’ve done is created a new username to replace the old username. It would be a lot easier if WordPress simply allowed the changing of a username. Until they do, this is the only way to change it.
If you’re still running the default username on your WordPress blog, I highly recommend you follow the steps above and change it to something else. Read more WordPress security tips in the post How To Secure Your WordPress Blog.