This is my PSA, call to action + support for any and all WordPress users. Yes, it’s a big deal. When you log into your website, do you type the word “admin”? If so, we need to talk. If not, you’re not off the hook just yet. Taking WordPress login security seriously could save you thousands of dollars. No joke.
WordPress likes to make things as easy as possible for its users, which includes setting the default username to admin. If you didn’t change it when you set up your site, it’s time to change it now.
Don’t need any convincing? Wise move, WP user. Simply scroll down a little bit + follow the instructions for how to ramp up your site’s security in minutes.
Need some convincing or want to understand the “why” a little more? Let’s discuss.
Why WordPress login security matters
Anyone who logs into a WordPress site has to put in 2 pieces of information — a username + a password. Simple enough, right? If you’re using admin (the default username), you’re doing 50% of the work for hackers.
Those hackers are trying to do bad things to your website, your business or your server. They know that WordPress has a default username, so admin is the very first thing they try.
Stop doing hackers’ jobs for them.
Another way that we can make it easier for them is to use weak passwords. Trust me, I know it’s tough to remember every password that I set up. That is why I use a secure password vault system to help me keep everything safe + sound. (And why I have a free training on how to use a password vault!)
Worth noting — post-it notes on your desk aren’t an example of a secure password vault.
Buh bye admin, hello better security
Ready to make your login screen as secure as possible? I have 5 total steps for you to follow, and the last one is completely optional. You’re going to create a brand new user, log in as that user, delete the old/admin user, and then rest easy knowing that you’ve secured your site exponentially.
Let’s get to it!
- Log into your site with your admin username + head to Users > Add New.
- Create a new user with a good (aka unique) username + strong password. You’ll want to set the Role to Administrator to match your current role within WordPress. You cannot use the same email address as your admin account, but you can change the email you set after completing these steps.
- Log out of your admin user + log in as the new user you just created. This new login is the one you’re going to use moving forward.
- Delete the original admin account after assigning all content from that user to the new administrator you just created. This keeps all of your blog posts + pages in place.
- Optional step. Change your new user’s email address by clicking Edit within the Users area of your WordPress site.
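Prefer the command line? Here are the same steps done with WP-CLI, as an added example that is not part of the original post. It assumes WP-CLI is installed, a single (non-multisite) install, and that you run it from your site's root folder; the function names and sample values are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run from the WordPress root.
# Function names and the sample values in the usage lines are made up.

# Step 2: create the replacement Administrator. With no --user_pass,
# WP-CLI generates a strong password and prints it: store it in your vault.
create_replacement_admin() {
  local login="$1" email="$2"
  [ -n "$login" ] && [ -n "$email" ] || { echo "usage: create_replacement_admin LOGIN EMAIL" >&2; return 2; }
  [ "$login" != "admin" ] || { echo "pick a username other than admin" >&2; return 2; }
  wp user create "$login" "$email" --role=administrator
}

# Step 4: run only after step 3 (you have logged in as the new user in the browser).
retire_admin() {
  local login="$1" old_id new_id
  [ "$login" != "admin" ] || { echo "the replacement cannot be admin itself" >&2; return 2; }
  old_id="$(wp user get admin --field=ID 2>/dev/null)" || { echo "no user named admin, nothing to delete"; return 0; }
  # Refuse to delete unless the replacement really is an Administrator,
  # otherwise the site could be left with nobody able to manage it.
  wp user list --role=administrator --field=user_login | grep -Fxq -- "$login" || {
    echo "$login is not an Administrator; admin was NOT deleted" >&2; return 1; }
  new_id="$(wp user get "$login" --field=ID)" || return 1
  # --reassign hands every post + page to the new user instead of deleting them.
  wp user delete "$old_id" --reassign="$new_id" --yes
}

# Step 5 (optional): switch the new user to the email address you really want.
set_admin_email() {
  wp user update "$1" --user_email="$2"
}

# Usage (constructed sample values):
#   create_replacement_admin sitekeeper temp@example.com
#   retire_admin sitekeeper
#   set_admin_email sitekeeper you@example.com
```

Paste the functions into your shell, then run the three usage lines one at a time, logging in as the new user in your browser before you run `retire_admin`.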
Don’t settle for weak passwords, default logins + sites that aren’t secure
Are you starting to wonder what other areas of your WordPress site are making it easier for hackers to break in? Do you feel like changing your username is just one more thing that you don’t have time for? Is the idea of yet another cryptic password giving you a headache?