If you have not changed your WordPress username, I suggest you do it now. A few weeks back, a friend and colleague of mine, Nancy Seeger, wrote a great article regarding WordPress falling victim to Bonet Brute-Force login attacks. I suggest when you are done reading this blog that you click on the link and read it.
I thought about it. After all WordPress is very clear, “Usernames cannot be changed.” But it kept bugging me. There has to be an easier way to change the admin login without going through the phpMyAdmin databases under the CPanel. Viola! There is!
Directions On How To Change Your WordPress Username
These simple instructions will allow you to change your Login ID and password, right within WordPress. Before we get started, make a back up of your website. Ready? Here we go:
- Make a back up of your website. There I said it again!
- Select Users on the side panel on the left, of your dashboard in WordPress.
- Select New Users (not All Users)
- Enter your criteria.
- Between you and me, make the WordPress Username a mix of characters just like you would your password (upper case, lower case, numbers and symbols). Why make is easy for a bot to figure out?
- Make sure your Username is different from your password.
- Make sure you write down the Username and Password somewhere.
- Make sure you select “Administrator” in the drop down menu next to Role (See the graphic below:)
- Once you are finished entering the criteria, log out of your Dashboard and browser.
- Log back in to the Dashboard, in a new browser, using your new WordPress Username and Password.
- Select All Users from your dashboard.
- Make sure all the Usernames are still there.
- Make sure that you have at least ONE ADMINISTRATOR.
- Once you have tested your login (2 or 3 times). You can delete the default Admin username permanently (the default admin username that was part of the WordPress core.) This is what the bots are looking for.
And there you have it. Now you know how to change your WordPress username without going into the phpMyAdmin database through your Cpanel with your host. I can’t emphasize enough, is make sure that you TEST, TEST, TEST before you DELETE anything!
I would love to hear your thoughts on this in the Comment section below.