This week has seen a rather large scale attack of a bot network that specifically targets the “admin” user in WordPress installations. This means that if your site as a user called “admin” then your site is under threat of being a potential target.
No matter if you’re using “admin” as an active user or not: if it exists, your site is at risk. Period.
In this podcast I’ll show you how to change your user name. Sadly this isn’t as easy as just amending “admin” to something else; you’ll have to create a new user, then delete the “admin” user from your site. Don’t be afraid though, I’ll cover each and every step in detail and explain why this is necessary.
- BBC News Report
- Matt’s post about this problem
- Kelly’s Step by step screenshots on how to create a new user
Thanks to Richard Bagnall for bringing this to my attention