In the grand scheme of things, the Heartbleed bug was pretty bad… but it certainly wasn’t any worse than some of the silly stuff some folks try to get away with every day in terms of security. Like using “Admin” as your WordPress username.
Using “Admin” as a username is ridiculously stupid. Not only is it easily hacked, it’s also easily spoofed, as in: someone sends you a fake error message from “your site” that looks official because you recognize the admin username.
Believe it or not, some hosting providers give you a one-click install option that requires “admin” as the default username. It’s like they don’t even care if your site gets hacked.
Changing your WordPress username is a little complicated if you don’t use or have SQL database access – but it’s actually one of the “easier” procedures you can do if you’re not super-techie. Here’s how.
One caveat: Read all the instructions carefully before you begin. Doing any of these things incorrectly or out of order may result in all your content being lost:
- Back up your content by going to Tools -> Export (select “All Content” and select “Download Export File”)
- Go to Users -> Add New and create a new administrator-level account with a username that isn’t “admin” and a backup email you can access, then fill in the name, etc.
- Log out.
- Log back in with your new administrator-level account.
- Go to Users -> All Users and click “Delete” on your OLD user account (“Admin”)
- On the next screen, you’ll be asked if you want to delete that user’s content or attribute it to someone else. Select the radio button to attribute it, and select your NEW admin-level account in the drop-down menu.
- Double-check you have the radio button selected which “attributes” your old content to the correct, new admin-level account.
- Click on “Confirm Deletion”.
- Verify that all your content is still there.
- Write down your new username and password somewhere safe. Or better, use 1Password.
- You can now update your user settings to your original email if you want (rather than your backup one).
- Bonus: make sure that the “Display name” is set to your name or nickname, not the username itself. This makes it harder for random jerks to guess your username.
If something went wrong, use the “export file” you downloaded in step 1, and go to Tools -> Import, and upload the old export file.
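To make the "verify that all your content is still there" step less of an eyeball check, here is an added example (not part of the original post) that audits WordPress export files in Python. It assumes you take a second export after the change, which the post does not ask for; the function names and the sample login `jane_k7` are made up for illustration, and the sample exports are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

DC = "{http://purl.org/dc/elements/1.1/}"  # namespace of <dc:creator> in WXR

def local_name(tag):
    """Drop the namespace so the check works across WXR versions."""
    return tag.rsplit("}", 1)[-1]

def audit_export(wxr_text):
    """Return (items per author login, findings) for one export file."""
    channel = ET.fromstring(wxr_text).find("channel")
    findings = []
    for el in channel:
        if local_name(el.tag) != "author":
            continue
        fields = {local_name(c.tag): (c.text or "").strip() for c in el}
        login = fields.get("author_login", "")
        if login.lower() == "admin":
            findings.append(f"'{login}' is still listed as an author")
        if fields.get("author_display_name", "").lower() == login.lower():
            findings.append(f"display name of '{login}' reveals the username")
    counts = Counter(
        (item.findtext(DC + "creator") or "").strip()
        for item in channel.iter("item"))
    return counts, findings

def content_preserved(before_text, after_text):
    """True when the later export holds at least as many items as the first."""
    before, _ = audit_export(before_text)
    after, _ = audit_export(after_text)
    return sum(after.values()) >= sum(before.values())

def make_sample(login, display, n_items):
    """Build a minimal constructed WXR document (not a real export)."""
    items = "".join(
        f"<item><title>Post {i}</title>"
        f"<dc:creator><![CDATA[{login}]]></dc:creator></item>"
        for i in range(n_items))
    return (
        '<rss xmlns:dc="http://purl.org/dc/elements/1.1/" '
        'xmlns:wp="http://wordpress.org/export/1.2/"><channel>'
        f"<wp:author><wp:author_login>{login}</wp:author_login>"
        f"<wp:author_display_name>{display}</wp:author_display_name>"
        f"</wp:author>{items}</channel></rss>")

if __name__ == "__main__":
    before = make_sample("admin", "admin", 3)    # constructed: old account
    after = make_sample("jane_k7", "Jane", 3)    # constructed: new account
    print(audit_export(before)[1])
    print(audit_export(after)[1], content_preserved(before, after))
```

For a real site, read the two downloaded export files and pass their contents to `audit_export` and `content_preserved`; an empty findings list on the second export means no content is attributed to “admin” and no display name matches its login.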
Did it work for you? Did I miss something? Let me know in the comments.