Geez…, I believe every “security how-to” in this Universe has a snippet like, “How to secure your WordPress admin username,” or “How to lock down your administrative user account in WordPress.”
Those 1000+ word made-for-Google articles all say the same thing, so I’ll summarize in a particularly non-Google-SEO-esque fashion:
How to replace your “admin” username:
The moment you create a new blog,
—————> create a second administrator account,
——————————> log out, log in as the second account,
———————————————> then delete the old “admin” username account.
So there you go. “How to improve your WordPress security” in 60’ish words. Done!
And now on to the fun part of this article.
Alrighty, so you chose to leave that darn “admin” account in place, and like a soldier have been trudging off to battle, facing the bot hordes unaware for years. That’s all fine and good. I like a little drama on occasion too… But let me give you this extra holy hand grenade to help you in your quest.
Here’s the deal: “Bots like you.”
No, really, they do. Your WordPress blog is a wonderful opportunity. Who doesn’t like free advertising?
I’m going to speak in my bot voice now.
And as a bot, what I really like chewing on are WordPress websites, particularly those whose authors chose not to follow the advice given in virtually every WordPress security expert’s “how to secure your site” guide (to remove the “admin” user). What I really like about blogs whose author is also the administrator account is that every post they write gives me their administrator login username, making my job a lot easier. “Please, please continue to use your administrator account when writing articles. Doing so makes my hacking-for-pharma-advertising business way more fun. Thank you!”
Ok, so back to reality.
The WordPress Administrator account, while a necessary evil, can be quite easily tamed. First, think like our bot friend. Why give him what he wants? He wants to know your administrator username, right? Well then, don’t give it to him.
I’ll simplify this a bit further, with a question:
Do you really need to write your articles using your administrator account?
Ahh! Did you just feel that big bubble pop above your head?
I bet that was satisfying, learning you can use any username to write articles. How emancipating!
Free yourself from the shackles of WordPress username abuse. Take control of your blog’s authorship, and beat down that new author username by setting your new username to the role of Editor or Author.¹
Then, if you are feeling the need, install that shiny new plugin or theme using your secret no-one-but-you-knows-it administrator account. Our bot friend just shed a tear.
Now soldier, get back into the battle. Unleash that holy hand grenade as you will!
“WordPress Admin Username – Oh, how I like you a little more now.”
¹ Did you know:
Editor – has access to all posts, pages, comments, categories, tags, and links.
Author – can write, upload photos to, edit, and publish their own posts.
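The audit below is an added example, not part of the original article: it flags any administrator account that still uses the login “admin” or that has published posts or pages, the two habits the article warns against. It assumes WP-CLI (wp) is installed and is run from the WordPress root; the function name and the output labels are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original article): flag administrator accounts
# whose login is the default "admin" or that have published posts or pages.
# Assumes WP-CLI ("wp") is installed and this is run from the WordPress root.

audit_admin_authors() (
  findings=0
  # IDs of every account holding the administrator role.
  for id in $(wp user list --role=administrator --field=ID); do
    login=$(wp user get "$id" --field=user_login)
    # Published posts and pages attributed to this account
    # (--author is passed through to WP_Query).
    published=$(wp post list --author="$id" --post_type=post,page \
      --post_status=publish --format=count)

    if [ "$login" = "admin" ]; then
      echo "DEFAULT-LOGIN  $login (id $id): replace with a new administrator account"
      findings=$((findings + 1))
    fi
    if [ "$published" -gt 0 ]; then
      echo "ADMIN-AUTHOR   $login (id $id): $published published item(s); write as Editor or Author instead"
      findings=$((findings + 1))
    fi
  done
  # Exit status is 0 only when no administrator account was flagged.
  [ "$findings" -eq 0 ]
)

# Usage: . ./audit-admins.sh && audit_admin_authors
```

A non-zero exit status means at least one administrator account was flagged, so the function can be dropped into a scheduled check.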
I do it another way:
the last field in the “name area” of a user is “Display name publicly as”, where you can select the name that is used as the author name. In the nickname field I use a nickname other than admin or the given admin name and select this one to display. So there is no problem writing articles with the admin account.
And I use a plugin to change the admin username to anything other than “admin”. I observed a hacker trying to hack one of my sites, and they were always using “admin” or the domain name as the admin user name. I blocked the IPs he was using forever, and after 2 weeks he gave up ;o)