I was helping someone get their blog configured the other day and we came to setting up WP-Security-Scan – one of the plugins I do recommend.
It takes you through some pretty straightforward steps that will strengthen your WordPress installation against mass bot hack attacks.
One of the recommendations it makes is to change your login user name from the default ‘admin’ to something else.
Here’s how to do that:
From your hosting control panel click on PHPMyAdmin. You’ll see a screen like this:
Find and click on the ‘Databases’ link (circled above).
The next screen you’ll see is this:
It lists all your databases on the left. I have a number of WordPress sites, each with their own database, hence the list of databases. I’ve blacked mine out, but trust me – those are your databases!
Click on the database of the blog on which you want to change your login username. You’ll come to this screen:
Look for the users table. On this site I’ve already changed the prefix to cs_, but the default prefix will be wp_, so you want the table called wp_users. My users table is circled above.
In the users row click on the first icon: browse (2 above). The next screen you’ll see is this one:
If you’re the only person with a login you’ll see just one row there. If you have others on your blog with logins, look for the one that’s called ‘admin’, and click the ‘edit’ icon, 1 above (and circled).
The next screen you’ll see is this one:
In the ‘user_login’ row above look to the right and replace ‘admin’ with a new user name. When you’ve typed a new user name click ‘Go’ at the bottom right of the table (it’s not shown in this screenshot).
After clicking ‘Go’ you’ll be taken back to a screen that displays your new user name in the ‘user_login’ field:
OK, you’re all done in PHPMyAdmin now, so you can log out if that option’s available or just close that window if it’s not.
Next go to your WordPress login screen and login with the new username and your existing password.
Go to your profile screen and you’ll see your new username displaid:
Next check your Nickname.
By default your nickname is the same as your username and it’s displaid as the author name on your articles. And that means anyone reading your articles would be able to see your username.
So change your nickname to something different – your own name or a pen name, for example – and make sure it’s also reflected in the ‘Display name publicly as’ field.
That’s it – you’ve changed your WordPress login username and made your blog more secure as a result.