WordPress Username Security

One of the great things about WordPress is how easy it is to get started with a new implementation. Once you have the latest version downloaded and the database connected, all you need to do is run the install script to finish the setup and create your admin account. Bam, you are ready to roll.

But there is a security pitfall in this process that you should avoid. The WordPress install script uses ‘admin’ as the default username for the main administrative user. This has been true for many, many versions of WordPress, and at first glance it may seem to make sense to use a ‘admin’ as a non-personal username for the main account. The problem is, ‘admin’ will also be the first username someone tries when trying to hack your site. Combine that with a weak password, and you all but guarantee that you’re site security will eventually be compromised.

Avoid using 'admin as your WordPress username.

Avoid using ‘admin as your WordPress username.

Do yourself a favor and don’t use the default ‘admin’ username for your WordPress installation. Replace it with something less predictable. And resist the temptation to develop the site using the ‘admin’ username while planning to retire that account later on. Once the site is launched it will be all too easy to forget about deleting that account, and it also monopolizes the email address that you’d probably want to use for the real administrator user.

Leave a Reply

You must be logged in to post a comment.