Keep Your WordPress Blog Secure: Get a New Administrator Account and Delete the Default ‘admin’ User
Why delete the ‘admin’ user?
Every WordPress installation comes with a default administrator with the username ‘admin’ and a weird (but highly secure) password. Most of the time we change the password to something a bit simpler so that we can remember it. In fact, most of us create a new user that represents us with administrative access.
But, unfortunately, we do not feel a need to delete the default ‘admin’ user, as we feel that it has no impact and we don’t have enough time to look into it. Some of us also fear that if we delete that username, we may lose access to our WordPress installation. But believe me, no such thing is going to happen. It is very necessary to get rid of this ‘default’ user because…
1. Most of the hackers and crackers trying to break into WordPress installations are malicious bots.
2. These hackers do not need to guess your WordPress administrator username, because they too are aware of the default ‘admin’ username.
3. The only thing left for them to do is guess or brute-force your password, and if you have made it a bit simpler, you are even worse off.
So a hard-to-guess administrator username adds one more layer of security to your WordPress installation. Better to create a fresh new Administrator account and delete the default ‘admin’ user.
Steps to get rid of the default admin user
1. Log in to wp-admin using the ‘admin’ user or any administrator account.
2. Take a backup of your WordPress database. There are many free WordPress plugins available for this purpose; the one I use is WP-db-backup. There is no risk involved in deleting the ‘admin’ user, but it is still better to have a recent backup at hand.
3. If you do not have any administrator other than the ‘admin’ user, create a new administrator user. On your wp-admin panel => go to the Users section in the left sidebar => click Add New => create a new user with a non-guessable username, fill in the first name and last name, set a strong password that combines capital and small letters and some special characters, and enter an email ID that is not registered to any other user on that WordPress installation => select ‘Administrator’ from the ‘Role’ dropdown box (very important) => click ‘Add User’.
Now a new user with the ‘Administrator’ role is created. You can view the user through Users => Authors and Users in the left sidebar of the wp-admin panel. Confirm that the user you created appears there with the ‘Administrator’ role.
4. Now log out of the ‘admin’ user and log in using the new username you have just created. Go to Users => Authors and Users. When you hover over the ‘admin’ username you will see two links, ‘Edit’ and ‘Delete’; click Delete.
Once you click ‘Delete’, if there are posts written by the ‘admin’ username, WordPress will ask you what to do with those posts and links.
You can either select ‘Delete all posts and links’ or ‘Attribute all posts and links’ to a particular user, maybe one with the Editor role. Do not use the newly created administrator account to write any posts or create any links, i.e. never make the administrator the author of any post, attachment, comment or anything else. What I suggest is to create a new user with the ‘Editor’ role for yourself and transfer all the posts by admin to this user.
Now press ‘Confirm Deletion’ to delete the ‘admin’ account.
Rename the ‘admin’ account through an SQL query
You can also rename the ‘admin’ username rather than deleting it, by executing a simple SQL query in your phpMyAdmin panel or in the MySQL command-line client as follows:
UPDATE tableprefix_users SET user_login='newuser' WHERE user_login='admin';
Replace tableprefix with the WordPress database table prefix (it can be found in wp-config.php). Generally it is ‘wp_’. Replace newuser with the required username.
Now you have a new admin account with a good and unique username. Please keep it only for administrative activities and controls. I repeat: avoid publishing any posts, pages, attachments or comments using this account. Doing so may again help hackers guess your administrator account username.
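The rename above with checks around it, as an added example that is not part of the original article. It assumes the default ‘wp_’ table prefix, the placeholder name newuser and a recent database backup, and it also shows the two other name columns that the rename leaves unchanged.

```sql
-- Added example. Assumptions: table prefix 'wp_', placeholder login 'newuser'.
-- Run in phpMyAdmin or the MySQL command-line client after taking a backup.

-- 1. Which accounts hold the Administrator role, and how many items
--    (posts, pages, attachments, revisions) has each one authored?
--    Roles are stored in <prefix>usermeta under the key '<prefix>capabilities'.
SELECT u.ID, u.user_login, u.user_nicename, u.display_name,
       COUNT(p.ID) AS authored_items
FROM wp_users u
JOIN wp_usermeta m
  ON m.user_id = u.ID
 AND m.meta_key = 'wp_capabilities'
 AND m.meta_value LIKE '%"administrator"%'
LEFT JOIN wp_posts p ON p.post_author = u.ID
GROUP BY u.ID, u.user_login, u.user_nicename, u.display_name;
-- An administrator with authored_items > 0 is the case the article
-- advises against: reattribute those items to an Editor account.

-- 2. The new login name must not already be in use. This must return 0.
--    WordPress checks this itself when a user is created in wp-admin;
--    a direct UPDATE bypasses that check.
SELECT COUNT(*) AS clashes FROM wp_users WHERE user_login = 'newuser';

-- 3. Rename inside a transaction so a mistake can be undone.
--    (ROLLBACK only has an effect if the tables use InnoDB.)
START TRANSACTION;

UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin';
SELECT ROW_COUNT() AS rows_changed;   -- expect exactly 1

-- 4. Inspect the result. user_nicename and display_name are separate
--    columns and are NOT changed by the UPDATE above, so they can still
--    read 'admin' after the rename.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'newuser';

-- 5. Keep the change if rows_changed was 1, otherwise undo it.
COMMIT;
-- ROLLBACK;
```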
Please post your valuable comments on the importance of ‘admin’ username deletion in the comments section of this blog post. All your suggestions are welcome and will definitely help me to enhance this article and make it a bit helpful for all the other readers.