Before You Go Any Further

Probably the first thing you should do once you have WordPress installed and running is to get rid of the admin account, if you have one.

Admin is the default administrator account. Many WordPress installers already give you the option of having a different name for your administrator, but if you didn’t get that option (or decided to go for a “pure default” install) you need to get rid of it, because it is the number one target for hacking a WordPress site.

Unfortunately you can’t simply rename an account. What you can do, however, is to create a second administrator account (with a different name, naturally) and then delete the first one.

Here’s how:

  1. Go to Users -> Add New NewUser
  2. Fill in Username with the login name of the new administrator.AddNewUser
  3. Fill in E-mail with the email address of the new administrator.
    Note: You can’t have two accounts with the same email address, so you may want to change the email address of the admin account to something else (perhaps a dummy email address) before you add this new administrator.
  4. Fill in Password and Repeat Password with a password for the new administrator. Note the strength indicator Strength
    — you want this to be green, indicating a strong password. The hint says “The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! ” ? $ % ^ & ).” I may discuss managing strong passwords at a later time. In the meantime you might want to send the new password to the new administrator (who is really you!) by email by checking the Send Password? box.
  5. Select “Administrator” as the Role, then click Activate User.SendPassword
  6. Now that you’ve created a new administrator, log out of the site and log back in as the new administrator using the new login name and password.
  7. While logged in as the new administrator, go to Users -> All Users. UserDelete1
  8. When you hover over the admin user in the list you’ll see a Delete link appear. Click on it.
  9. You will be asked which user to assign admin’s posts to. Select the new administrator in the pull-down and click the button.

Your old admin user is now gone, and your site has its first level of protection against being hacked!