The default WordPress username option is admin.

Everyone knows it including hackers.

Which is the short answer to why you should change it!

Think about it for a few seconds: if you knew the first number on a combination lock was very likely to be 3, why would you start your testing with anything else?

The same goes for a WordPress username.

Hackers who want to break into your WordPress site know that there’s a very high chance that the username will be admin.

So that’s the one they start – and usually finish – with.

If it’s not that and if they can’t get their computer program to guess the password, they move on to the next site.

Some of my early WordPress blogs still use admin as the username.

I’m gradually changing that – I’ve got reasonably secure, unguessable, passwords so it’s not a high priority but I’m still changing them.

The procedure is quite simple:

• Log in to WordPress as normal
• On the Dashboard menu, select Users
• Create a new admin user (WordPress won’t let you simply change the username) and choose a secure password. Ideally one that’s long (I use 12 characters) and includes punctuation as well as lower and upper case letters plus numbers. Save the password and probably allow it to be emailed to yourself when WordPress asks.
• Put in a first name for the new admin user and also select it from the dropdown list next to where it says “display name publicly as” – otherwise your new admin username will likely be displayed on all your posts, again making it easy for hackers
• Click save.
• Log out.
• Log back in with the new username.
• Go back to the Users menu option and change the old admin username to something other than administrator then click save. (Change the name in the dropdown as well if necessary). This will save any issues with your old posts.
• That’s it – you’ve made your WordPress site a lot more secure from hackers. Congratulations!

Of course, there are other things you can do which will further decrease the chance of hackers getting in to your WordPress site and wrecking all your hard work.

But using a WordPress username that isn’t admin together with a strong password is an excellent first line in defending your site.

If you’d like to know a few other quite simple things you can do to further protect your WordPress site, click this link.

Or for a complete anti-hacker package, check this out.