In line with many other hosting providers, we have recently seen a large rise in the number of automated login attempts against WordPress installations. In light of this, we believe it worthwhile to explain how to change the default admin username that WordPress uses.
How to change the admin username
The first step is to log into WordPress with your admin username as you normally would.
Note: The usual URL for the WordPress login page is your domain name appended by /wp-admin
The next step is to create the new user who will later become your admin user.
This is done by going to the Users menu and clicking on Add New.
You will now need to enter in the information for the new user, as illustrated by the screenshot below.
Note: The email address that you enter needs to be a different one to the one currently assigned to the admin username.
We recommend that a strong password, combining a mix of upper and lower case letters, numbers and punctuation symbols is used. If you are having problems thinking of a strong password, try replacing some letters with numbers (for example, replacing e with 3 and a with 4) and adding an exclamation mark to the end.
Make sure you choose Administrator as the role for the user.
Finally, once everything has been filled in, click on the Add User icon at the bottom of the page.
Now that we have created the new username and assigned it the administrator role, the next step is to log out as admin and log back in as this new user.
Once you are logged back in, click on Users in the Users menu.
Hover over the admin username and click on Delete.
You will now see a confirmation screen and you should tick the option Attribute all posts and links to and then select your new username from the drop down menu.
Note: Selecting this option means that none of the posts or comments the admin username created will be deleted, as they will all become associated with your new username.
You have now successfully changed your WordPress admin username and, by doing so, will have considerably increased the security of your blog and it's defence against automated brute force login attempts.