Removing the WordPress admin User

Brute force login attempts are typically against the admin user. The admin user used to be the default username of the first administrator created when installing WordPress but since version 3.0 the installation now asks you what you want to name it. By removing the admin user you are forcing the malicious hackers out there to guess not only your password but also your username. In this cat and mouse game of security, fortifying the barriers to entry is a good thing for the good guys and gals.

Pendeo¬†does not create an admin user but if you’ve created one yourself or you migrated your site with an existing admin user.

Here’s how to remove the WordPress “Admin User”:

  1. Sign into your wp-admin as the admin user.
  2. Use the “Users->Add New” screen to create a new user.
  3. Provide a new username that’s not “admin”.
  4. The new user’s role must be set to “administrator”.
  5. Specify a super long password. Learn how to create a strong password.
  6. Click “Add new user”.
  7. Sign out as the “admin” user.
  8. Sign in as the new user.
  9. Delete the old “admin” user and assign all posts, pages and comments to your new admin user.
Shortlink: