How to Change an Admin User and Why It’s Important

When you’ve spent a long time working on a WordPress blog, chances are you’re going to find you feel rather protective over it. This is your pride and joy and it’s somewhere that you’re able to express yourself. You’ve probably built a big following here, you’re maybe making some money from it and you likely have plans for the future of it in regards to how you’re going to continue to grow it and develop it over time.

1h

Thus it’s crucial that you keep your WordPress site secure and take every necessary precaution to avoid letting anyone hack in to your Admin panel.

One way you need to do this is by changing your Admin users.

Why This is Important

If you went through the standard and now-famous ‘One Click Install’ to set up WordPress, then chances are that you’re going to have a default username like ‘Admin’. You can avoid this if you click ‘Show Advanced Options’ during the Mojo setup and then enter your own username.

8

But if you didn’t get this option or you forgot, then your username is probably ‘Admin’.

The problem with this is that it makes it easy for potential hackers to get into your admin panel. The reason this is a risk is to do with the way that a lot of hackers work – using a strategy known as ‘brute force’.

2h

Brute force attacks are attacks that work by attempting to log in using someone else’s details. To do this, they will enter hundreds of thousands of different username and password combinations on an automated basis. These routines start with the most common options for both fields – which means they’ll start with combinations like ‘Admin’ and ‘Password’ or ‘User’ and ‘Guest’. Once they get a match, they’re in by sheer probability!

And if your username is still ‘Admin’, then that leaves you susceptible to such attacks. Conversely, if your username is something long including an underscore or a symbol, then this will reduce the likelihood of an algorithm being able to quickly crack both your username and password. This is also why we’re always told to pick long passwords including multiple cases and symbols!

Another reason you might want to change your username is simply if someone has already broken into your account and you want to change it in order to ensure that this same user no longer has access into your admin panel.

How to Change Admin Users

So now you know why you might need to do this, let’s look at how you go about it.

In your WP Admin Panel, just head over to ‘Users’ and then select ‘Add New’. Users is found down the left.

Click this and you’ll now be taken to a page where you can enter the details for a new user. These details include the username, the first name, the last name, the email and the website. Of course you don’t need to enter all of this information but you can do if you want to make it more comprehensive.

3h

You also need to enter a new password. Remember: the whole point of doing this is that you’re trying to improve your security – so make sure you choose a good password here as well. A good password should be long, hard to predict and include lots of symbols and numbers. Remember, you’re not trying to beat a human but rather a machine. That said, you don’t want it to be so obscure that you can never remember it – so why not try picking a few words from a song or something?

You’ll notice down the bottom that you also have a drop box called ‘Role’. As default it will say ‘Subscriber’. As you’ve probably already guessed, you’re going to create a new user and then delete the old one and that means you need to make sure that this new user is an Administrator. Choose that and then click to build your new admin.

Note that this is also how you can create users and give them lots of different roles in your site. For instance, you can create users that are only able to perform specific jobs on the site or edit specific posts. Right now, this isn’t what we’re here to do though!

Once you have your user set up, you can now use those new details in order to log in. But this isn’t enough because you still have your old username ready for people to log in with and you can still get hacked as a result.

Thus, the next thing you’ll need to do is to delete the old user. So just log out of your Admin user and then log back in using the new details that you just created. Make sure to make a note of these somewhere so that you don’t forget them!

Once logged in, you can now navigate to Users > All Users. This page will present you with a list of all the users registered on your WordPress and give you the option to perform various bulk actions. Tick the box next to the old user and then select Bulk Actions > Delete. Just make sure that you’re absolutely sure this is what you want to do before you go ahead!

4h

This is also where you can change other aspects of a user – for instance changing their role on the site or taking them from ‘Administrator’ to ‘Subscriber’.

Once you’ve done this, your site will now be much more secure and it will be harder and less tempting for malicious users to try and access your admin panel! There are yet more things you can do to keep yourself safe too though – for instance, you should consider moving your admin panel to another page, away from /wp_admin. This will make it harder for users to find your admin panel and therefore start trying to crack your password in the first place!