For Best Security, Change Your WordPress Password AND Admin User Name Often – At Least Every Few Weeks!

Frequently changing your WordPress password and admin user name will help to prevent hackers from breaking into your blog  – a serious problem particularly if your blog is popular and you are successful online.

It’s also important to change them if someone helps you with your blog and needs your user name and password to login to do the work.  When they have completed the work,  change your admin user name and password immediately. Even if the person is trustworthy, someone in their company might not be. Better to be safe than sorry!

How to Change Your WordPress Password

It’s simple. Sign into your WordPress blog and select Users in the menu on the left-hand side of your screen. It’s the icon shown in the picture below:

How to Change WordPress Password1 How to Change Your WordPress Password and Admin User Name

<— When you hover over the icon, you’ll see a drop-down list of options. Click on Your Profile.

At the bottom of the Your Profile screen, you’ll see the option shown below  (click on my screenshot to enlarge it):

Change Your WordPress Password1 How to Change Your WordPress Password and Admin User Name

This is where you change your password. Make sure that you make it complex and hard to crack. The strength indicator will help you choose something appropriate.

And don’t forget to record your new password for the next time you sign in! I use *Roboform*to remember my passwords. I highly recommend it!

How to Change Your WordPress Admin User Name

Most WordPress bloggers do not change their admin user name. They keep it at the default name ‘admin’ or leave it at whatever they chose when they first installed WordPress.

Bad idea!

Changing the admin user name is simple. Go to Users again and click Add New.  Fill in the new admin user name and other information. Next click the role drop down box at the bottom of the screen and select Administration. After that delete your old admin username and you’re done!

Remember to change your WordPress password and admin user name, or at least your password, often!

~ Lillea Woodlyns

P.S. To learn how to protect your blog as much as possible from malicious hackers, I recommend WP expert John Hoff’s excellent ebook and video package:

WordPress Defender: 30 Ways to Secure Your Blog from Attack that Anyone Can Do

WordPress Defender How to Change Your WordPress Password and Admin User Name

16 Responses to “How to Change Your WordPress Password and Admin User Name”
  1. DoFollow says:

    I would like to add that as well as updating your password often, be sure not to make it a standard every site password. This way if your WordPress does get hacked, it doesn’t give the hacker free access to your other social media or worse, your financial and other sensitive accounts.

    ~ Kristi

  2. Thanks Kristi. Excellent advice! I agree and think it’s all too common for people to use the same password for everything, which can be
    very dangerous if anyone decides to make trouble.

  3. [...] This post was Twitted by LilleaWoodlyns [...]

  4. [...] « How to Change Your WordPress Password and Admin User Name Sep 17 2009 [...]

  5. Leslie West says:

    I would like to add in order to delete the admin account with the old name you must logout and login to the new name. Then you can delete the old admin user.

    I have tried to use a different user name and password on a per hosting account but that can still leave dozens to hundreds of sites with the same user name & Password

    I am interested in an more automated method to do this.
    When you have close to 300 blogs and growing just performing updates to WP and the plugins takes a huge amount of time.

  6. Leslie West says:

    I use roboform to remember my UN/PW combo. However this application constantly pops up while in the writing screens or any page that has a form. Very annoying.

    I have set the options to not autofill but the only choice was all. This causes a problem on your next login. You have to manually reset and then disallow again.

    If their is an easier more efficient way to do this please advise!

  7. Hi Leslie,

    I sometimes get frustrated by Roboform for a similar reason.

    I’ll see if the experts at SFR can answer both of your questions and then post anything of value here.

    Leanne King, who is a member of the forum, will likely have an answer about dealing with multiple blogs.

  8. Hi again Leslie,

    I’m still collecting answers but in the meantime the plugins below might be of interest to you:

    Kish-Multi: Allows you to manage ALL of your WordPress blogs from a single blog

    Maximum Security Plugin is still in beta, but it’s very promising. It improves WordPress security in many ways and regularly reminds you to update your user name and password, etc.

  9. Below is what someone said about your Roboform problem. They never have this issue so maybe this will give you some ideas for what to check?

    “If I was guessing, I suspect that at some point she has SAVED the WordPress New Post Form while editing. If she checks her Fill Forms… menu option, she can probably identify the WordPress saved form and simply delete that entry.

    Other than that… if it helps, in my RoboForm Options | AutoFill, the ONLY setting that I have enabled is “Offer to AutoFill Windows dialogs in Browsers (Basic Authentication)”. Maybe she has enabled one of the other ones. I do NOT have Auto-Fill enabled.”

    If that doesn’t help, try writing to Roboform support.

    I hope that gives you some ideas at least!

  10. Leslie West says:

    Thanks for the tips. I have changed some settings in Roboform options. The autofill selections were changed. I will see if this reduces the annoyances more than the lack of the auto offer.

    I did download the WP plugin Kish-multi. I will be trying it out.

  11. @Leslie West – Great. I hope something is helpful!

    @Ramon Fincken – Thank you for the suggestions

  12. Hi Lillea,

    I’m reading your post just before taking steps to protect my blogs better:) Thanks for the information on changing the u and p.
    I would also add that it is a nice idea to create index.html to put it in certain folders to hide files stored in there, for example in order to hide plugins from the view of hackers.


  13. Hi Justyna,

    Thank you for your tip about the index.html – very wise to do!

    I’m learning a lot about security in WordPress Defender, things that
    most people don’t know, and am really glad that it’s available now.
    I watch the videos it comes with and then put the security measures
    in place alongside it, in real time, so they are done correctly.

  14. Lillea, WP Defender is absolutely awesome! I apply John’s advice on my blogs and I’m glad that even though he writes about quite many codes, he does it in a very simple way and shows everything on the videos.

    He offers excellent support as well. That’s a great value for money.

  15. Hi Justyna! I’m very happy that you like WordPress Defender
    John is such a great guy – honorable and knowledgeable. I hope that more people will buy it. I think that most people don’t realise how vulnerable their blog will be if they don’t do what John advises.