If you’re on self-hosted WordPress, chances are good that your username is “admin.” That’s how WordPress sets it up by default, and it’s easy to remember. In fact, I remember feeling kind of awesome the first time I set up a WP blog, like, Cool, I’m the administrator of a website!
So why am I telling you to change your login? Because if all of us know that “admin” is the default, so do hackers. No matter how small your blog is, you’d be surprised how many people get a kick out of breaking into WP and replacing the content with a big “YOU’VE BEEN HACKED!” image.
Here’s how to prevent unauthorized access to your WordPress blog:
1. Go to your Dashboard and go to Users > Add New.
2. Fill in all the fields. Make your login name something you’ll remember - not your first name, unless you don’t use your first name at all on your blog. You’ll need to use a different email address than the one for your admin login (but you can change it in a minute). MAKE SURE you set the Role as administrator and not subscriber.
3. Log out of WordPress and log in with the new credentials you set up.
4. Go to Users > All Users and delete the admin account. All your posts will be credited to the new login you just set up.
5. Go to your new user profile and change your email address to the one you originally set up for your blog.
6. Smile knowing that you’ve taken an easy step to protect your blog!
LOVE it..super simple- fixing one of my blogs now. Thanks!
Andrea, great point…I actually just did this 2 weeks ago….can't believe I hadn't done it yet. Related, I now changed my passwords to make them less hackable. Apparently just text with one or two letters can be cracked pretty easily. At Jesse's (PF Firewall's) suggestion, I now use strongpasswordgenerator.com for all my passwords.
I've been looking into a password management system so I can use super complicated passwords for everything. I'm bad about recycling the same 10 or so passwords on different sites.
Such a simple easy fix! Thank you! Off to make my 4 blogs a little more protected.
It's definitely a good idea! I have the Limit Login Attempts plugin, which emails me when someone is trying to hack into my WP account. You would be AMAZED how often someone tries to log in, and they almost always try "admin".
I've been procrastinating doing this - thanks for the easy steps that made me go and do it! I also installed Limit Login Attempts, sounds like a great idea.
@YPFinances I had to change my login info this morning - got a notification from Limit Login Attempts and someone managed to guess my login name. I don't think they'd ever guess the password, but I'm paranoid!
Thanks! I'm setting up a self-hosted WordPress blog as we speak. I am a talk to me like I am five kind of gal when it comes to technology and your directions worked on my first try! That's what I call a successful blog post!