Updated March 11, 2016
If you followed my steps to set up your WordPress site, this should already be taken care of. However, it’s worth checking to make sure your site does not have an Admin username.
Hackers have been known to utilize Admin accounts to break into WordPress sites so it’s important to address. Think of it like this: if a hacker wants to get into your site, they’ll need your username and password. Because they know “Admin” is the default username many people don’t bother to change, they’ll already be half way to their goal.
How to find your usernames
From your WordPress Dashboard or anywhere in the back end of your WordPress site, hover over (or click) the Users tab in the left column until you see All Users. Click the All Users link.
Make sure none of the usernames next to the picture(s) in the list are Admin.
If you don’t see Admin in the list, you can skip the rest of this post. You are good to go. If you do find Admin you’ll want to change it. Here’s how:
1. Add a new user
I will assume Admin is the only username on the list (which would be the case if you were assigned Admin as your default username). If you are not logged in as Admin, skip to #4 below.
Start by adding a new user by clicking Add New under Users in the left column.
Fill out the new user information. The most important thing in this step is to make sure Administrator is selected from the dropdown menu next to Role.
Click Add New User.
2. Logout of WordPress
Once the new user has been created, logout of WordPress entirely. To do so, hover over your username in the black bar at the top right corner of your screen until you see the option to log out.
3. Log back in
Now, log back in, this time as the new user you just created in Step 1 above.
4. Delete the Admin username
Go to Dashboard > Users > All Users. Hover over the Admin username in the list. The option to delete the Admin user will appear. Click “Delete.”
5. IMPORTANT! Assign existing posts / comments to the new user
You will be asked if you want to delete all posts and links. Assuming your blog is brand new, you can simply delete since you have not written any posts yet.
WARNING: If your blog is not new and you have already posted, DO NOT DELETE. If you do, you will delete all existing posts. Instead, choose the second option “Attribute all posts and links” and select the new user in the dropdown menu.
From this point on, you will use your new username and password when logging in to WordPress.