When you install WordPress, the installer will present you with a window where you have to choose your Username and Password.
The admin username pre-filled is “admin” and that is the reason why so many blogs use “admin” as their username and also display name. Each blog post will have the mention “Posted by admin” or “Author: admin” publicly shown to everyone including hackers.
Guess what username is used the most by hackers when they want to break into your WordPress blog? “Admin” of course. Hackers have this way solved half of the problem, they know your username and they just have to find your password. For this effect they use robots to hammer your login page with combinations of passwords.
This is how you should choose a username and password.
First, choose a username that no one would guess.
Then click on the little key to generate a strong password or create your own. It should contain upper and lower case letters, numbers and special characters.
A strong password is the second most important thing to have.
Also, change your email address to something that is not [email protected] if you have concerns that it could be used by spammers.
There is one more step before your WordPress blog is more secured and that’s changing the display name.
The display name is the “author” name that is shown with each post like this.
As you can see, even if you didn’t use “admin” as your username, your real username “y79w85” is shown to everyone.
If you visit other blogs, you will often see that many use “admin”, “administrator” or “webmaster”. That’s what hackers will try first.
This is how you can change your display name.
Visit your Dashboard and locate the “Users” section in the menu.
Click on “All Users”.
The Users page is showing with your administrator username.
Click on “Edit”.
As you can see, the name displayed publicly is the Nickname, which is the username by default.
Let’s change this.
You can use your first name as your “Nickname” and select this entry to display publicly.
Now the blog post is showing like this.
Even if a hacker thinks this is the username and tries to use “Michel” to login, they will be wasting their time. Providing that you haven’t used your first name as username of course...
Just do this and you will have taken a huge step in protecting your WordPress blog from hackers.
Let me know if this is useful to you and post your questions in the comments below.