Removing the Wordpress admin user

Brute-force login attempts are typically carried out against the “admin” user. “Admin” used to be the default username of the first administrator created when installing WordPress, but now the installation asks you what you want to name it, and on eQPress it will be your administrator’s name and surname (not necessarily the “official” ones!).

If you have an old WordPress installation that you have migrated to eQPress, though, your website could still have an “admin” user. By removing this user, you will force the malicious hackers out there to guess not only your password but also your username. Here’s how to rename your “admin” user:

  1. Sign into your wp-admin as the admin user.
  2. Use the “Users->Add New” screen to create a new user.
  3. Provide a new username that’s not “admin”.
  4. The new user’s role must be set to “administrator”.
  5. Specify a super long passphrase. You can follow this guide to create a secure one.
  6. Click “Add new user”.
  7. Sign out as the “admin” user.
  8. Sign in as the new user.
  9. Delete the old “admin” user and assign all posts, pages and comments to your new admin user.