You can help secure your WordPress site by making sure that you’re not using a predictable username. A naïve hacker has to guess both your username and your password. If your username can be easily guessed, their job is much easier.
But how might a would-be hacker guess your username? Well, perhaps you’re using your username instead of a nickname in your article bylines. Or maybe you failed to customize your username when you set up your site and you wound up with the default “admin” like 99% of other WordPress users.
The bad news is that, while it’s possible to change your WordPress username, you can’t change it from the WordPress dashboard. Or at least not easily. Sure, you can create a new user, give it admin privileges, assign all your posts and comments to that user, and then delete the original, but…
What a pain.
Instead, if you’re at all comfortable with accessing your database, you can make the change in about two seconds flat. Start by cracking open your MySQL database — preferably using phpMyAdmin. Click on the
wp_users link along the left to access the users table.
Next, located the row with the
user_login of interest — there may only be one registered user — and click the “Edit” link to the left. From there, simply edit the contents of the
user_login field to change your username (the one you use to login). That’s it. Click “Go” to save and you’re done.
While you’re at it, you might want to update your
user_nicename to be a sanitized version of your preferred display name. By default, it’s a sanitized version of your
user_login and can be exposed (for example) in the url of your author archive.
Once you’ve made the changes, be sure to visit the “Users” tab and tell WordPress to display a name other than your new username — otherwise this will be all for naught.
Getting your WordPress site hacked isn’t fun. Take steps to protect yourself.