How to Change WordPress Username?
by
7-layers of Security for Your WordPress Site
Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.
WordPress is the most popular content management system in the world. It powers 43% of all websites on the Internet. And due to its popularity, it is a popular target for hackers. According to a 2018 Sucuri report, 90% of all CMS-based websites cleaned by it during that year were WordPress websites.
No WordPress user can afford to take the security of their website lightly. As you probably already know, the login page to your WordPress dashboard is the first line of defense against bad actors. If somebody were to gain access to your WordPress site, they could do a lot of malicious stuff. They could infect your site with malware/adware/spyware, make it redirect to an unsafe site, install cryptocurrency mining software on it, and so on.
While having a super strong password can make it hard for hackers to break into your site, a WordPress username that is difficult to guess makes it doubly hard for them to do so. If you arenāt happy with your current username, Iāll show you how you can change WordPress username in simple steps in this article, covering three methods to do so. Later in the article, I’ll explain why having a complex username isn’t enough for security, but it doesn’t hurt to have one anyway.
TL;DR: Whatever your reason for changing your WordPress username might be, know that changing it is not an effective way to boost your website’s security. Use MalCare to secure your site. With features such as daily automatic malware scanning, one-click malware removal, a state-of-the-art integrated firewall, IP address blocking, real-time security alerts, and more, MalCare is the best security solution out there for WordPress websites.
WordPress username requirements
Your username is publicly visible. Anyone can find out what your username is by hovering over your display name (which leads to a page containing all the posts written by you) on a post and looking at the URL. The URL should be like https://example.com/author/nameoftheauthor/. Hence, choose a username that you’re comfortable showing to others.
When you install WordPress for the first time on your site, it gives you the username ‘admin’ by default and provides you the option to change it. Change your WordPress username immediately during the setup itself. WordPress doesn’t recommend having ‘admin’ as a username because it’s the default and, therefore, easy to guess, in addition to the following:
- adm
- admin
- admin1
- hostname
- manager
- qwerty
- root
- support
- sysadmin
- test
- user
How to change WordPress username properly?
There are three main ways to change your WordPress username:
- Create a new user to use as your default WordPress account;
- Use a plugin; or
- Use phpMyAdmin.
Before proceeding to change username in WordPress, however, I recommend backing up your site. Youāre making an administrator-level change after all, and there is a chance that you can lock yourself out of your account. Having a backup means you can restore access to your site should that happen.
Change WordPress username by creating a new user
WordPress doesnāt give you the option to change your WordPress username directly, unlike most websites. One workaround to this problem is to create a new user with the username you desire, transfer all your content to it, and then delete your existing account. The effect is the same as changing your WordPress username directly from the dashboard if that was allowed. Letās get started.
- Go to Users > Add New from your WordPress dashboard.
- Fill in your details on the next page. Just make sure to use a different email address from the one you used to create your existing WordPress account, otherwise, youāll get an error saying the email address is already registered. Also, make sure to assign this new user the Administrator role so that youāll get the same admin privileges you have with your existing account.
- Click on Add New User at the bottom to finish adding this user.
- Log out of your existing account, then log in with the new user account you just created.
- Go to the Users > All Users page and click on Delete underneath your old admin account.
- On the confirmation page, WordPress will ask you what you wish to do with the content belonging to your old account. Select āāAttribute all content to, then choose the new account you created from the drop-down menu.
- Click on Confirm Deletion to finish deleting your old account. WordPress will delete that account and take you back to the All Users page with the message āUser deleted.ā
Thatās it! Youāve successfully changed your WordPress username. If you wish to use the same email address as before, then head on over to Users > Profile to change it.
Change your WordPress username using a plugin
If youād rather have to change your WordPress username automatically, use a plugin. For this article, Iāll be using the excellent Easy Username Updater plugin. As the name suggests, itās easy to use. Here are the steps:
- Install and activate the Easy Username Updater plugin. Youāll see a new button called āUsername Updaterā under the Users menu. Click on it.
- Youāll see a list of all users of your WordPress site on the next screen, along with their email addresses, roles, and User IDs. Click on update for the user for which you want to change WordPress username. Weāll be changing the username āsrikantā to āwordpress_wizard.ā
- On the next screen, enter your new username, check the box to send yourself an email notification about the username change if you desire, and then click on Update Username.
With that, youāve successfully changed your WordPress username. If you now go to the All Users page, youāll see your new username for your account. You can uninstall the plugin now if you want to.
Change WordPress username in phpMyAdmin
This method is a little more complicated than the two methods Iāve explained so far, as it requires you to make direct changes to your database. It is risky. If you make the wrong changes, you might cause errors on your site or even lose access to it. Proceed with caution and follow the steps carefully. You should only use this method as a last resort. If you havenāt backed your site yet, this is a good time to do so.
You might be asking, āWhat is phpMyAdmin?ā Well, itās a program that provides a web-based interface for site owners/administrators to manage their MySQL databases. Your WordPress database stores critical data about your site including, you guessed it, your username. Weāll be changing the username directly in the database using phpMyAdmin.
Most web hosts will automatically install phpMyAdmin alongside WordPress when you sign up. If your host didnāt, then you would have to install it yourself on your websiteās server. Look up the instructions pertaining to your web host online.
The following instructions will largely apply to all web hosts, but Iāll be using Bluehost for this example.
- Click on Advanced > phpMyAdmin from the Bluehost dashboard. This will launch phpMyAdmin in a new tab.
- Select your WordPress database from the left-hand navigation menu, and then click on the wp_users table.
- Click on Edit next to the username that you want to change. Weāll be changing āwordpress_wizardā to āsrikant.ā
- Replace your old username with the new one in the user_login field, then click on Go at the bottom.
With that, youāve successfully changed your WordPress username in the database using phpMyAdmin.
Why you may want to change your WordPress username and how to pick a good one
Besides the slight boost to security, you may want to change username in WordPress because you feel like itās time for a change, or you want to hand over the reins of your website to another person. Regardless of your reason, choose your username wisely. Here are some tips on how to pick a good username:
- Make it hard to guess. Iāve explained why earlier in the article.
- Choose something memorable and which makes sense to you.
- Avoid basing it on personal information as such usernames can be relatively easier to guess unless itās created like a passphrase (explained below).
- Create your username in the style of a passphrase. A passphrase is essentially a strong password – utilizing a mix of letters, numbers, and special characters – which makes no sense to anyone but you. Yes, unlike other strong passwords, passphrases actually make sense. Let me explain with an example. Letās say your favorite movie of all time is Inception. This is a fact about you that youāll probably never forget. Inception starred Leonardo DiCaprio in the leading role and was directed by Christopher Nolan.
With all this information, you can make the following sentence: āStarring Leonardo DiCaprio and directed by Christopher Nolan, Inception is my favorite movie of all time.ā If you now take the first letter of each word as is, you have the following phrase: āSLDCadbCNIimfmoatā. Voila! You now have a fairly strong password. You can make it even stronger by substituting certain letters with special characters that look like them, so an āSā becomes ā$ā, a ābā becomes ā6ā, and so on. With such substitutions, we get the following phrase: ā$LDC&d6CN1imfm0@tā. We can agree that is a very strong password and one that makes sense to you.
Recommended Read: WordPress password security guide
Does the WordPress username really matter?
In a nutshell, no, it doesnāt. Youāll see it mentioned in WordPress security articles because of the existence of brute force attacks.
Brute force attacks are one of the most popular ways hackers can gain access to your site. Hackers use trial and error to guess your login information. They use bots that try all possible combinations of letters, numbers, and special characters, hoping to land on one that would let them through. As you can imagine, such a hacking attempt isn’t computationally efficient. Unfortunately, there are tons of weak passwords floating around on the Web, and hackers use databases of such weak passwords for their hacking attempts. Even if a hacker is able to gain access to 1 out of every 100 accounts they try to hack, their job is done.
The reason that changing the default username is an ineffective shield against brute force attacks is that there are several ways to figure out usernames on WordPress. If there is a blog, a hacker can make an educated guess. Additionally, WordPress allows the use of email addresses to log in. Ultimately, the best form of defense against login-cracking bots is an advanced firewall with bot protection and limiting login attempts, both of which are available with MalCare.
How to actually enhance your WordPress siteās security
While changing your username to something more complex can enhance your WordPress security a bit, note that if you forget it, you’ll have to dig into the database to retrieve it. It’s why we recommend using a password manager like 1Password, Dashlane, or LastPass. You can safely store any login credentials in the cloud with these, and nobodyānot even the company behind the password managerāwill be able to discover them since they’ll be encrypted.
Also, changing your WordPress username to something much harder to guess may not be enough to thwart brute force attacks. There might be several hundreds of bots working in parallel to crack usernames and passwords. We provide some tips below on how to boost your siteās security significantly.
Install a WordPress firewall
You need a quality firewall with bot protection. Firewalls block malicious IPs from reaching your site altogether. Bot protection analyzes bot behavior to keep out the bad ones. MalCare has a firewall with both bot and global IP protection.
Limit login attempts
Additionally, you should limit login attempts to your site to prevent these sorts of attacks. With MalCare, users are locked out after a certain number of unsuccessful login attempts. If there is a real human who is trying to log into the site, they can solve a simple captcha to circumvent the block. Bots, on the other hand, are locked out for a considerable amount of time, severely impacting their effectiveness.
Use two-factor authentication
Two-factor authentication, or 2FA for short, adds a layer of security for logins. Here’s how it works in a nutshell: after you log in to an app or website using your login credentials, you’ll have to enter a temporary secret code that only you know so that the app or website can verify that it’s actually you who’s logging in, and not anyone else. You can either have the secret code delivered to you via text message or use a 3rd-party app like Google Authenticator. Check out our guide on how to enable 2FA in WordPress.
Install a comprehensive WordPress security solution
The best way to secure your WordPress site is to use MalCare. MalCare will scan your site daily for malware and comes with a cutting-edge firewall with global IP protection. Additionally, if your site gets infected, you can remove all malware from it with one button click.
Conclusion
Having a username that is difficult to guess makes brute force attacks against your website a little harder. Hence, use a strong username for accessing your WordPress dashboard. Having said that, a strong username and password combination may not be enough to thwart hacking attempts. Use MalCare to secure your site and obtain peace of mind.
FAQs
Q – How can I change my WordPress username?
A – There are three main ways to change your WordPress username: create a new user and delete the old one, use a plugin, or use phpMyAdmin.
Q – Should I even care about my WordPress username?
A – Having a strong WordPress username is useful for improving your websiteās security, even if slightly. At the very least, it can make brute force attacks harder to succeed.
Q – What is a good plugin that can change WordPress username?
A – The Easy Username Updater plugin is a good one. Itās pretty easy to use.
Q – What is a valid username for WordPress?
A – A valid WordPress username is one that only has alphanumeric characters (letters and numbers), spaces, and/or certain special characters, namely spaces, underscores, hyphens, periods, and @ symbols. No other special characters are allowed.
Q – How can hackers get a WordPress username?
A – Anyone can see your username since itās public. Hackers usually have access to databases listing the most common usernames and passwords. So, make sure to choose an obscure username.
Q – What characters are allowed in a WordPress username?
The following are allowed in a WordPress username:
- Alphanumeric characters (letters and numbers)
- Spaces
- Underscores
- Hyphens
- Periods
- The @ symbol
Q – Can a WordPress username have spaces?
A – Yes, it can.
Q – Why can’t I change my WordPress username?
A – WordPress doesnāt allow anyone to change their username from the dashboard. However, there exist methods to do so, and weāve discussed those in the article.
Q – How do I know what my WordPress username is?
A – You can find out your username from your WordPress dashboard by going to Users > Profile. Your username will be displayed under the Name section.
Q – How can I secure my WordPress website?
Use MalCare. Itās a state-of-the-art anti-malware tool for WordPress websites.
Share it:
You may also like
Complete Guide to WordPress Salts and Security Keys
Several factors work together to secure your WordPress site, from strong passwords to a robust malware scanner. Among these elements are WordPress salts or security keys. WordPress salts or security…
WordPress Security Updates: A Complete Guide
Curious about what WordPress security updates are and why they matter? Ever wondered whether to enable auto-updates or manually apply them to avoid site issues? You’re in the right place….
A Complete Guide to wp-cron.php
Ever wonder how WordPress schedules tasks like publishing your blog posts automatically, checking for updates, or cleaning up old comments? Maybe you’re a novice user curious about how this magic…
How can we help you?
If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.
My site is hacked – Help me clean it
Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.
Secure my WordPress Site from hackers
MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.