It’s nearly as scary to take the necessary steps to protect your website against hackers as the threat itself.
When venturing into your WordPress database, remember this: You won’t make a mess of things if you’ve done the research and know what you’re doing.
Follow these steps in changing your username and you’ll protect your website from becoming part of a zombie army of infected computers.
Staying Ahead of the Hackers
Your WordPress username tops the list of potential threats against site security. If you have “admin” or any of the other commonly used names (adm, admin1, administrator, manager, qwerty, root, test, support, user), or yours is on the list of the 1,000 username/password combinations used in the recent WordPress brute force attack, it’s time to change it.
Changing your WordPress username by deleting your original administrator profile left me queasy with anxiety, I’ll admit. I went so far as to create another user profile, but couldn’t hit the delete button.
Because I couldn’t find anyone online who has done it this way with a similar version of WordPress, I decided I wasn’t taking any chances.
Here’s how you do it without any fear of deleting your posts. All you have to do is access your cPanel. To do this, you’ll need to know your cPanel username and password. This is worthwhile to know, so it’s worth the trouble to find out.
1. Login to cPanel.
Enter your website name followed by cPanel into the browser tab, like this: example.com/cpanel. This will bring you to a login page similar to what you see here.
Enter your current cPanel username and password. (Check here to see if your password strength meets the criteria for hard-to-break.)
2. Scroll down to phpMyAdmin in the databases section.
Click on this to get to the database for WordPress.
3. Find your WordPress database in the left hand column.
It will look something like this, but might have your username preceding the _wrdp (I erased mine.)
Click on it.
4. Find wp_users in the left hand column and click on this to show your username list.
As an administrator, your information should be on the top row. Click on the Edit in the row that your username is listed. This will give you a new screen with parameters for your profile only.
Look for user_login (not user_nicename!) and change the username in the box where your current username is.
Now go to your WordPress login page and try logging in with your new username.
Remember, if you haven’t changed your password recently, do this as well. This is easily done through your WordPress dashboard.
Click on “Your Profile,” scroll down to the About Yourself section, and enter in your new password. You can also access your profile by hovering over your name in the top right corner and clicking on “Edit My Profile.”
Congratulations! You’ve taken the necessary precautions in protecting your website from brute force attacks. Don’t you feel more secure now?
Chris Rakoczy says
Thanks for the tip!
I’m curious though what the field user_nicename is for? I changed the user_login as recommended here, and the display_name from within the User Editor, but I don’t see where nicename is used either publicly or in the backend.
Kacee Erhard says
You don’t need to do anything with the user_nicename. It’s simply the username displayed in a “nice” format as part of the URL. See this link http://wordpress.stackexchange.com/questions/42736/users-table-user-name-vs-nicename for more information. I hope this helps explain things.