WordPress Administrator Usernames to Avoid

This may be obvious to many, when we think of it – hopefully not in hindsight, but as one of the most popular “blog/CMS” systems WordPress sites are the subject of daily crack attempts.

Whilst the Wordfence plugin will help you to find and block such attempts, amongst other things, it is also important not to select an obvious administrator username. One of the good things about WordPress is that it does not require the primary administrator to have a username of “admin”.

You can and should select a “random” username that is not guessable. This name should not be related to the site’s domain name, your name or the obvious usernames. For example, the top 5 crack attempts on this site in the last few days have been: admin, test, administrator, user and the site’s “middle bit” of the FQDN (“example”, for a site on the www.example.com FQDN).

Pick something random to reduce the chances of someone guessing the username.

Even with a strong password, if the cracker can’t guess the username, it makes it harder for them.

Related Posts