By Cal Evans November 14, 2014
Here's a short and sweet tip from our WordPress series on security. This one is easy if you are setting up a new WordPress site. The WordPress installer asks you for a user name of the initial admin account. Do not use “admin”. For that matter, don’t use anything easy to guess. Yes, this falls under “security by obscurity” but it’s a valid part of an overall security strategy. You just don’t want to rely on “security by obscurity” as your only plan.
Learn how to achieve secure WordPress hosting with Pantheon.
Historically, WordPress used “admin” as the initial account name. This means that potential attackers already had one of the two pieces of information they need to hack into your account. Granted, WordPress’ password security has gotten a lot better over time butthere's still no reason to give them even this one piece of information.
If you have an existing WordPress site and your account is named “admin”, change it. There are several good WordPress security plugins that will do this for you. Plugins like iThemes Security will do this as part of their free plugin.
[Related] Pantheon Website Security Services
