How to rename the WordPress admin account

Published 01 Mar 2012 in Security, WordPress by ZigPress

These days WordPress lets you choose an admin username when you create a new installation, but there are probably still millions of WordPress sites out there with an admin username of “admin”. This is not great for security, as it is one less thing for a hacker to guess or obtain.

It’s far better to have a unique username for the main admin account, and if you have an existing installation with the admin username of “admin”, I suggest you follow these steps.

There are other ways to do this, but this is the easiest for the average user.

1. Log in

Log in to your site using your existing admin account details.

2. Add a new admin account

Hover over the Users item in the dashboard menu, and select ‘Add New’. Enter the information requested. You will need to specify a different email address than any existing user, but you can change it later. make sure you select “Administrator” in the role selection box.

3. Log in to the new admin account

deleteusers2Now you should log out of WordPress, and then log back in with the new details you entered in step 2.

4. Delete the old admin account

You can now delete the old admin account.

Click Users in the dashboard menu. Hover over the username of the old admin user account, and click ‘Delete’.

When WordPress asks you what to do with posts and links that belong to the old account, make sure you click the LOWER option (shown in the image), otherwise you could lose a lot of information.

5. Change preferences in the new admin account

Finally, hover over your name at the top right of the page and select ‘Edit My Profile’. Now you can reset your preferences, such as dashboard colour scheme, display name, email address, etc.


  1. On 09 Aug 2012 at 10:16, Ivan said:

    Here’s my plugin solution for this: Admin username changer
    Hope it helps :)

  2. On 24 Oct 2012 at 17:46, Steven Holzner said:

    Renaming the admin account won’t help substantially. Yes, it will make it harder for someone to log in directly as you, by brute-forcing the password; but beyond that it won’t help.

    If someone can execute a SQL injection, as was possible with the recent XMLRPC exploit, they can access your admin account because the admin account is always user ID 1.

  3. On 28 Oct 2012 at 03:12, Raghavendra said:

    Make sure the computers you use are free of spyware, malware, and virus infections. No amount of security in WordPress or on your web server will make the slightest difference if there is a keylogger on your computer.

    Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities. Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end you should always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained with security updates.

  4. On 06 Nov 2012 at 11:47, Rabia Akram said:

    I think renaming the admin account wont help substantially but it will make harder for someone to login directly as you.

  5. On 15 Apr 2013 at 07:32, Donna Menner said:

    Useful information about changing the “admin” username to something else, I bet a lot of people didn’t think of this. While talking about security, I am also surprised that so many sites, even financial sites, won’t allow the use of special characters when creating a password. This makes the password so much stronger.