Most WordPress sites are set up using the 5-minute install method or with a quick setup tool offered by the hosting company. The majority of these methods populate the first user with the username admin.
Hackers know this.
So the hackers guess admin when trying to break into a WordPress site. and if you are using admin, or have an account on your site with that username, you are doing half of the work for the hackers trying to get in + do damage to your business.
If you aren’t using admin, head to your All Users page in your dashboard + take a peek. Any listing of the username admin needs to be addressed. pronto.
Get a new, more secure, username
Before you can ditch your username, you’ll need to come up with a more secure one. While using your name is more secure than admin, this resource on how to pick a secure username will get you set up with a better option.
Once you’ve decided on one that will protect you, your business + your site visitors, follow the steps below. Since you can’t simply change the username for your account, you’ll need to create a new user + then delete the admin one. The good news is that it’s a really quick process.