WordPress

How To Change Your WordPress UserName

If you are using Admin or Administrator as a username on WordPress you are breaking one of the simplest security measures going. However, WordPress does not provide a simple way of changing the username. It is still possible and very easy. Just follow these steps!

First though, why is it so important? Well, look at these recent attempts to break into this blog. All are using one of 3 predictable user names (and this attack went on for over a day, a few attempts per minute from different IP addresses, until I closed it down with a clever plugin).

Because my username is none of the 3 being tried the hacker stood no chance. Even had they stumbled onto the correct password, the mismatched userid protected my site.

It’s almost like having 2 passwords to guess – they have to guess userid & password at the same time.

Unfortunately it’s not as simple as editing the username. However, the steps required instead are very simple once you know the sequence!


Step 1 – Create A New Admin

You can’t rename your admin user, so create a new one. Give it a username that you can easily remember (though you can save it and your password in your browser).

You will need a separate email address from your main account for this. If you are self hosting, hopefully you can create email addresses, and using a separate email address adds a further level of security.

Give this new user the maximum “role” available – Administrator – and then click Add New User to finish creating them.

Click on the confirmation email to activate the account, sign off as the current user and sign on as the new user. That’s the difficult part sorted!

Step 2 – Edit User

Now that you are signed on as your new user, let’s apply the other security step of hiding your user name from posts. It also makes the posts look more friendly than posting them all by “Admin”.

Go to Users, click Edit under your new Admin user and scroll down to Nickname and enter your chosen name. This is the name that we will be displaying on all your posts as your author name.

Just entering your nickname isn’t enough, WordPress won’t use it yet. Look at the drop down box below “Display name publicly as”. Expand the box to see the 2 names and tap your nickname.

Now hit save. From now on you have an admin user that is not obvious and you are hiding your login name. However, you still have that Admin / Administrator or whatever userid lurking.

Step 3 – Get Rid Of Old Admin

There are 2 ways of doing this. The easiest (but least secure) is to simply edit the old Admin user and set their role to subscriber. Now, should someone break into the userid, at least they shouldn’t be able to do any damage.

The more secure way is to delete the userid fully. First, make sure you have a backup of your database (if you aren’t making backups already, look at my list of security plugins for a suggestion).

Now, simply go to the list of users and put your mouse over the row for the old userid; Delete will appear below it. Click that. Don’t panic, there’s a step to go yet before it is actually deleted!

On the following screen you are asked what to do with all content created by that user. This is why it’s important to have a backup, just in case you get carried away here!

Just select “Attribute all content to:” and from the drop down box choose your new userid (probably the only one there). Double check that the delete option is not ticked and then Confirm Deletion.

That’s it. A bit long winded but you have effectively changed your userid by deleting and creating a new one.
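Once the three steps are done, a quick audit confirms that no administrator account still has a predictable login or shows its login as the public author name. This is an added example, not part of the original post: it assumes WP-CLI is available to export the user list as JSON, and the sample data is constructed.

```python
import json

# Usernames the article calls out as predictable; extend with your own list.
PREDICTABLE = {"admin", "administrator"}

# Constructed sample of the JSON printed by (WP-CLI is an assumption here;
# the article itself works through the dashboard):
#   wp user list --role=administrator \
#       --fields=ID,user_login,display_name --format=json
SAMPLE = """[
  {"ID": 1, "user_login": "admin", "display_name": "admin"},
  {"ID": 7, "user_login": "k7-harbour-owl", "display_name": "Kim"},
  {"ID": 9, "user_login": "sitemanager", "display_name": "SiteManager"}
]"""


def audit_admins(users, predictable=PREDICTABLE):
    """Return (login, problem) pairs for administrator accounts."""
    findings = []
    for user in users:
        login = str(user["user_login"])
        shown = str(user.get("display_name", ""))
        # Step 3: the old predictable account must not stay an administrator.
        if login.lower() in predictable:
            findings.append((login, "predictable administrator username"))
        # Step 2: the public author name must not give away the login.
        if shown.strip().lower() == login.lower():
            findings.append((login, "display name reveals the login"))
    return findings


def main():
    for login, problem in audit_admins(json.loads(SAMPLE)):
        print(f"{login}: {problem}")


if __name__ == "__main__":
    main()
```

An empty result means every administrator has a non-obvious login and a separate display name.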

There are plenty more security steps to apply – have a look through my list of security plugins. That list will be updated shortly too, as I have another one that I think is essential and that in the last week has prevented most hackers even being able to start to attack the blog!

If you are interested in that, then subscribe to the newsletter, follow on Twitter or both and you’ll be the first to hear about the updated list.


21 Reasons Why Self Hosting WordPress Will Improve Your Blog [with InfoGraphic]

Whether you opt to use WordPress.com (“Hosted”) or WordPress.org (“Self Hosted”) is entirely a choice of your own preference, but I genuinely believe that Self Hosting is always better and as such I always self host. Here’s a list of 21 top reasons why based on lists from 17 other websites.


Please feel free to include this infographic on your website by using the code below:
<a href="http://www.13weekchallenge.co.uk/21reasonshosted"><img src="http://www.13weekchallenge.co.uk/wp-content/uploads/2015/11/21reasons.png" alt="21 reasons to use WordPress.com" width="100%" /></a>

1. Thousands of free and paid themes.
When you use the hosted version you are limited to a relative handful of themes. With the self hosted version you have thousands of themes and if you, or someone you know, is handy with HTML / CSS then you can write your own. Almost all of the sites surveyed mentioned this as an advantage.

2. Your Own Advertising
If you want to display adverts then you can (you can’t display most with the hosted version). You can choose where to take them from – whether that be Google Adsense or advertising your own connections. Three quarters of the sites mentioned this.

3. Plugins to extend the site
Over half the sites surveyed liked the fact that with the self hosted version you can install a huge variety of plugins, including security, social networking, stats and many more!

4. Customisation
Being able to make your own changes to the source code was also mentioned by over half the sites. Whether that’s a major rewrite or just a simple tweak to remove something from the theme that you aren’t happy with, you are in control.

5. Own domain name
This is possible, but as an “extra” on the hosted version. But with wordpress.org you always use whatever domain name you want to use. You register it, you own it and you control it fully! A third of the sites suggested this.

6. Total freedom
It is possible to trip up on the hosted version by accidentally crossing a line and not sticking to a T&C. When you host it yourself, as long as you are legal you can do whatever you want.

7. Analytics
Because you can install plugins (or if you prefer you can do it through the code itself) you can install any type of analytics tool you want, including Google Analytics. You can monitor anything and everything about the traffic on your blog. 4 sites including janefriedman.com gave this as a good reason.

8. Reputation
Using your own domain name rather than a subdomain and being on obviously free hosting makes your blog look better. A different 4 sites to the previous suggestion recommended this, including blogging.org.

9. Can’t be closed
As long as it’s all legal and above board you won’t find one day that your blog has vanished and everything been deleted without there being anything you can do about it just because you didn’t appreciate something in the terms, such as no advertising. This was raised by wpfreesetup.com, seedpod.com and boostblogtraffic.com.

10. No hidden fees
Free isn’t always free, but when you pay for your hosting you have an agreement as to what is provided. You avoid suddenly being hit with the prospect of paying for more bandwidth, more space, ability to upload media, removing adverts… boostblogtraffic.com and tsohost.com pointed this out.

11. SEO advantages
Because you can customise the code and use plugins you get the chance to search engine optimise your site better. You can also choose from themes that are written for search engines etc. shoutmeloud.com and tsohost.com liked this feature.

12. Scaleability
If your blog grows then so can your hosting, very easily. Both wpmudev.com and tsohost.com came up with this as a valid reason for self hosting.

13. Emails
If you own and manage your domain name then you can create email addresses within that domain name, brilliant for newsletters, contact addresses, setting up social media accounts, contacting other bloggers etc. boostblogtraffic.com and tsohost.com pointed this advantage out.

14. Unlimited space
No emails telling you you are 95% full and then having to work out what you can delete. You just buy the space that you need and go for it. Both wpfreesetup.com and bloggingbasics101.com came up with this suggestion.

15. No unwanted ads
Free isn’t free without something in return and here it normally means third party advertising. And it’s advertising in which you get no revenue! Plus you don’t have to pay to get rid of these adverts. This was suggested by both inkthemes.com and diythemes.com.

16. Web store
If you want to sell a product you can do so. Either use a plugin to create a site that’s a web store, or just have odd items for sale (e.g. an Ebook) throughout the site. Two sites suggested this – slbloggersupport.com and michaelhyatt.com.

17. Your own data
You own it all, everything that you create whether it’s media or text. No-one else decides it’s not suitable and it’s up to you if you ever want to move or delete it. wpbeginner.com were the only site to mention this.

18. Affiliate links
No affiliate links allowed when you are hosted, but go for it if you are self hosted and see if you can make a living through your blog if you wish. Both inkthemes.com and boostblogtraffic.com suggested this reason.

19. Extra features
There are loads of extra features that are only available to self hosted bloggers, some of which might be relevant to you. Both yoexpert.com and wpinterns.com recommended this.

20. Free / cheap
Ironically, given all of the extras you might end up paying for on the hosted version the self hosted version could be cheaper when paired with a domain for a few pounds / dollars and basic hosting. wpbeginner.com & yoexpert.com suggested this.

21. Sell your blog
Not many will do this but if the site really takes off someone might want to buy the blog – url & content – from you. I have done this myself and it can be very profitable. But it’s only possible when you are self hosting. However, only shoutmeloud.com suggested this reason.

Sites referenced:


Can WordPress Ever Be Secure Enough?


With headlines such as this frequently in the news, you could be forgiven for thinking that WordPress is a security nightmare. Does it deserve the bad press that it frequently receives? Should we be putting our trust, sometimes our livelihoods, behind it?

The above headline, “How to avoid being one of the ‘73%’ of WordPress sites vulnerable to attack”, would lead you to believe that there’s a 3 in 4 chance that you are going to be hacked. But, once you open the article and read past the headline, it turns out, to an extent, to be a bit of scaremongering.

In this case 73% of WordPress installations had the same potential security flaw. However, server side protection, as provided by many hosts, prevented the potential flaw from becoming an actual security hole and many non-secure hosts were deploying fixes to improve their servers too.


“Millions of sites at risk” claims this site. With approaching 75,000,000 websites using WordPress, millions represents quite a low chance in some respects, but where did this bug come from? In this case it was from third party add ons – the themes and plugins that you can freely add to a WordPress blog to customise and improve upon it.


And this is what we need to remember when we are using WordPress. The core of the code is downloaded from them, however we then install themes and plugins galore. Where are they coming from? I could publish a theme or a plugin today and you could be downloading it tomorrow. But, why should you trust me?

According to the WordPress site, 40,832 plugins with 1,070,638,954 total downloads are at your fingertips. That’s a lot of plugins and even more downloads. Yet these plugins can change the behaviour of your website. They can, and it is frequently their job to, change the behaviour of your installation. Some actively prevent admin logons from working (e.g. Limit Logon Attempts, which is approaching 1,000,000 installations and yet comes with a large warning that it hasn’t been updated for 2 years).

Presumably that’s because it doesn’t need to be changed. It was written, does what it needs to and that’s the end of the story. But we’re then subjected to a warning that we’re learning to ignore – on a security plugin!


In all fairness WordPress do work hard themselves to patch security issues. As soon as they are found the team works hard to put out a fix, even if those fixes are less than a week apart (see April 21 & 27 above).

But, why is WordPress in need of so many security patches? The issue is exactly what WordPress is and the way that we use it. In simple terms, it is known as “Open Source” because the source code is shared and anyone can view the code.

With packages such as Microsoft Windows and Mac OS X all that you receive is the compiled code. There’s no way of looking through the code to see if the programmer has made any mistakes. Because WordPress distributes the raw source code anyone can look through the code and check for omissions and errors that leave hackers ways into the site.

On top of this, we then let anyone and everyone write add ons – “plugins” as they are known, without any possible way of security checking other than finding out too late that something is wrong.

Furthermore, we then distribute the same potentially insecure code to 75,000,000 websites. Half of these are self hosted (not hosted at WordPress.com). That allows hackers to set up installations themselves to test on and then they have a huge audience of websites to attack. And it only needs 1 hacker to successfully attack 1 website for it to be a successful attack.


What can we as WordPress users hope to do about it? First, we have to basically cross our fingers and hope ours is not the site attacked when a new vulnerability is found. If it is, then there’s not much we can do about it other than report it to WordPress. Backups should allow us to roll back the site to before the attack, but that’s about as far as we can go.

If we are not the unfortunate few then upgrading is essential. If WordPress have released a security fix then it needs applying ASAP. No excuses – if there’s a fix then someone knows how to hack into your version and you need to be off that version ASAP.


But it’s the themes and especially the plugins that leave us most exposed. Various publishers have recently found that their products have opened up security holes and been exposed. However, short of some form of policing of both of these I don’t think there is a way to fix this “hole”.

And policing theme writers, with over 40,000 active plugins alone, isn’t a small job. That’s just the number of plugins that you can download from WordPress. Many thousands more are available from other sources and we happily install and use them.

Keeping everything up to date (that’s WordPress, plugins & themes), deleting unused plugins and themes, using secure passwords and logon protection will help us, but I don’t think they can ever 100% protect us on such a gigantic open source project.

WordPress is constantly evolving, adding in new features and improvements. It moves with the times so that the dashboard looks modern and uses modern techniques. But changing code always means risk and one of those risks is security.

And I think all that we can do is to take backups and cross our fingers.
