Manually Change the WordPress Admin Username

26 Mar 2011 By Code Snippets 6 Comments

Making sure that our WordPress blog is secure from unwanted logins and admin login attempts should be a high priority on any WordPress blog owners agenda. This code snippet explains how to change the default  WordPress Admin username.

Manually Change the WordPress Admin Username

Manually Change the WordPress Admin Username

Hackers use a variety of methods to gain entry to a WordPress blog or any website with and Admin Control Panel for that matter. One of the main methods they use is Brute force.

What is a Brute Force attack?

The official Wikipedia Brute Force definition is as follows:

In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his/her task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the encryption determines the practical feasibility of performing a brute force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute force attack against it.

To break it down, hackers try as many different passwords as possible until the right one is found. Users of the brute force method use dictionaries, which give them a lot of password combinations.

What to do to Prevent Brute Force Attacks

WordPress installation process has been streamlined to make installation as user friendly and easy as possible. It even suggests the default Admin Username for us on installation.

WordPress 3.0 and onwards now lets you change the username on installation.

WordPress default Admin Username recommended

WordPress default Admin Username recommended

We as sometime inpatient developers what everything yesterday and sometimes can look over this critical security threat. We see the admin username already populated, so just leave it as default.

To make sure our blog is as secure as possible we need to change this username. Leaving the default username of admin makes it so much easier for a hacker to hack your blog, because they already know the username. All they have to do now is crack the password.

There are a couple of options to make sure the username is changed from the default “Admin” username.

Option 1: Change Admin Username on WordPress installation

The first option is fairly straightforward. When we see the box already filled out with the username admin we should change it instantly.

Option 2: Change Admin username after WordPress has already been installed

There may be times when you need to change the default admin username after you have already installed WordPress. You may have went with the defaults, however at a later date you want to make sure your WordPress installation is as secure as possible, so you decide to change the username now.

To change the username you need to run the below SQL query to your database. Use PHPMyAdmin to do this.

UPDATE wp_users SET user_login = 'newUsername' WHERE user_login = 'Admin';
UPDATE wp_users SET user_login = 'newUsername' WHERE user_login = 'Admin';

Change default username through PHPMyAdmin

Code Breakdown

Our WordPress Usernames are stored in the database. To change one, a simple UPDATE query is enough. Note that this query will not transfer posts written by “admin” to your new username.


Using this simply database query, you are now on the road to having a more secure WordPress blog installation, leaving you more time to blog…

Be sure to check out our other great WordPress Code Snippets and WordPress Articles.
Enjoy this article? If so, we would love to hear your thoughts in the comments below


Related Blog Posts

6 Responses to Manually Change the WordPress Admin Username

  1. I never knew i could change my wordpress admin username. Thanks for sharing.

  2. Thanks for the sharing. Been looking for this a long time!

  3. Thanks for sharing this information.I will try to implement this statement.

  4. And to think “They” always say it can’t be done!
    Delighted to know that you didn’t pay attention to “Them”

    Your post makes good sense and is especially welcome by one who has had a WP blog hacked to bits… Not a pretty sight

    I now go forth armed against the Baddies… at least better than before… and what more could I ask?

    Thank you!

  5. Thanks so much for explaining how to do this. I set up my blog with quick install and forgot to change the admin. I’ve been the victim of a brute force attack on one of my sites and boy am I glad to know how to fix it. Thanks again for posting this.

    • You are very welcome. Glad it helped you get your blog back up and running again.

      Unfortunately there are some poeple out there who have nothing better to do than try and gain unlawful entry into WordPress blogs


Leave a Reply