Delete The WordPress Admin User To Improve Security

May 2, 2012 · 25 comments

in WordPress

wordpress logoHow To Delete
Any WP User

(And Keep The Content)

Whether we want to delete the admin user – or ANY user – WordPress gives us a lot of flexibility and makes it really easy!

Removing the “admin” user account, that is auto-created by many quick installers, is one of the first things WP users can do to increase their site security.

Removing it does not stop us from having a user with administrative privileges – but it DOES stop a hacker from immediately guessing our username!

This post may look a little long, due to me using a lot of screenshots, but the steps to remove the WordPress admin user, are actually really simple. (I just wanted to be sure the process was super clear!)

Steps To Delete the WordPress Admin User

1. Update Admin’s Email Address

First, we need to be signed in as the admin user and give the admin user an email address that is not the one we plan to keep. Two users can not have the same email, so we quickly set this “old” user to a fictitious address. 

Be sure you are signed in as the admin user, then in the upper right corner, hover over the words “Howdy, admin” and in the drop-down select “Edit My Profile”.  In the profile section you can enter a different email address and then click save/update.

(You can either use a totally fake email address or if you are a gmail user like me, add a +1 to the first half of your email address, to create a alternate email address that actually still goes to your real inbox.)

WordPress Change User Email Address

2. Create A New WordPress User

While still signed in as admin, we want to make a new user using our preferred username, password, and gravatar email address and set the “role” to say “administrator” in the drop-down box.

This is a good time to ensure you are using a secure password that you do not use on any of your logins.

3. Now, log out of admin and log back in as your new user.

4. Go to “All Users” and hover over “admin” and select the “delete” options

WordPress Delete User5. Delete The Admin User

On the delete user page, we need to take great care to ensure these settings are correct.

The listed user that we are deleting needs to say “admin” (next to the #2 arrow)

The check box (next to the #3 arrow) needs to be moved down to “Attribue all posts and links to….”

and the drop down for attribution (next to the #4 arrow) needs to show the username of our new user.

WordPress Delete UserWhat we are doing here is not only deleting the admin user but making sure that all of the posts, pages, etc that belonged to that user are not sent to the trashcan!

(If you accidently forget to move the box to attribute…. you will usually find most of the deleted posts in the “trash” section of posts and pages.)

And that’s all folks…. no more crummy admin user!

This really is a very easy process and it’s a great first step in learning to “harden” (improve the security of) WordPress. While it is only one of many steps that can be taken, its easy enough for anyone to do!

Fortunately, since WordPress 3.0, most auto-installers no longer create a default admin user and instead prompt you to create a user name for yourself… this was a great step forward for the baseline security of WordPress!

Hope you enjoyed this tip!

Now go do it! And then of course come back and leave me a comment! ;)

~ Kim ~

 Simple Tech Tips For Marketing

 

image source: WordPress & me

Get The Inside Scoop!
social tripletKeep up with all the latest social marketing changes!


{ 25 comments… read them below or add one }

Elena May 2, 2012 at 3:43 am

Interesting tip. Spammers are really giving me the pip, I’d try almost anything to get rid of them (even though I know that’s impossible, but at least I try).

Reply

John Gaydon May 2, 2012 at 4:03 am

Great idea Kim,

Like many others I had my wordpress sites hacked once, and it was no picnic fixing it all up.

Well, now I have another bundle of work to put on the to do list!

Thanks again for continually coming up with great innovations to help us all.

Reply

Sadie-Michaela Harris May 2, 2012 at 4:05 am

Great tip Kim! I’ve bookmarked this and I’m about to share it so simple yet so effective! Love the pictorial walk through too :)

Reply

Jim Antoine May 2, 2012 at 4:12 am

Using the automatically added username “admin” is a call to trouble.
I always suggest that your admin username must also contain a dash _ or 2 and some numbers. Just like passwords. And last but not least… BACKUP should be carried out in close intervals, between upgrades, many new posts etc..

Reply

chanikacha May 2, 2012 at 5:36 am

Actually I don’t know how to delete the admin user on my wordpress and I am watching some youtube video tutorial for it. Thanks for this kim.

Reply

Nicole Rushin May 2, 2012 at 7:01 am

Thanks so much. I have tried to find this information before by searching Google and have never been able to figure it out.

Reply

Willena Flewelling May 2, 2012 at 1:26 pm

Great tips, Kim! According to my WP blog, usernames cannot be changed. This is going to be very helpful. I’m looking forward to taking a few minutes later today and following your instructions.

Willena Flewelling
Willena Flewelling invites you to read…Your Brain is a Two-Way StreetMy Profile

Reply

Byrl Lane May 2, 2012 at 3:33 pm

This strategy is a useful way to slow people from breaking into your WP account.

Reply

Wendy MacKay May 2, 2012 at 7:12 pm

Thanks so much for all your valuable tips Kim. I don’t know what I’d do without good-hearted people like you teaching me. What do we do with ‘subscribers’ we suspect may be spammers?

Reply

Devesh May 2, 2012 at 8:31 pm

Interesting tip, Kim and thanks for the quick reminder. Finally deleted the admin account on my new blog.

Reply

Bruno Buergi May 3, 2012 at 2:35 am

Thank you Kim
I was not aware about that hackers can access the blog in a such easy way. I will checking my blog and correct it, so that my blog will be safe.
Bruno Buergi

Reply

caroline May 3, 2012 at 6:29 am

Hi Kim thanks for the step by step guidance am going to delete my admin account thanks for updating here…

Reply

Tan May 3, 2012 at 9:40 am

I am recently understand that default admin user may raise security risk to wordpress site, but what I can do is just not to use it during next installation and I still can’t figure out how to rectify this for my existing site. Thanks for sharing, this is what exactly I am looking for.

Reply

Jack Sander May 3, 2012 at 12:58 pm

This is quite a smart technique. I haven’t thought that such a simple change can have a great impact on a blog security.

Reply

Salman May 6, 2012 at 4:57 am

Pretty simple tute … Removing the admin user is the first thing I do after installing a wp blog.

Thanks for the share Kim

Reply

Dr. Erica Goodstone May 7, 2012 at 9:21 pm

Kimberly,

I always wondered whether it was possible and how to do it to remove the Admin user. Thanks for always sharing such incredibly valuable information.

Warmly,

Dr. Erica

Reply

Kristine May 8, 2012 at 4:09 am

Thank you for the information on how to improve security by deleting the admin user profile. I think this is the best way to prevent other users or hackers from getting into your account.

Reply

Anonymous May 9, 2012 at 6:50 am

Before reading this article i don’t know that admin can be deleted from the wordpress. Even i have thought sometimes regarding this but din’t get success to get the solution, but you provide me this great solution.. Thanks a lot

Reply

Chris May 14, 2012 at 11:08 am

This is a “no-brainer” that, I’m embarrassed to say, I’ve never done. I’ve spent the time and effort to install the typical wp secure apps, but not this easy step. It will now be at the top of my list for wordpress security. Good advice.

Reply

Anonymous January 11, 2013 at 2:46 am

Hi, Thanks for sharing this tip, i am about to perform this task but lacked the knowledge until i discovered your blog on Google. Keep up the good work on this blog. I love your blog content.

Reply

Kurt July 6, 2013 at 11:39 am

You know, this is such a simple tip! So simple that I completely went blank and could not figure it out. I was logged in as admin, added a second, more secure admin account then could not delete the first. It was so obvious after reading your tip, that I needed to log out and login again as the second admin before I could delete the first. Thanks so much for this tip!

Reply

Yorinda July 20, 2013 at 4:11 pm

Hi Kim,
just got your email about the most commonly used usernames and passwords.
It is amazing how many people don’t seem to realize how important it is to have more secure versions!
I am so glad that I did learn when I started with Wordpress to change this!
Your instructions are very clear.
I hope lots of people get to read your post!
Best wishes!
Yorinda
Yorinda invites you to read…Eye Writer How a paralyzed Artist gets to draw againMy Profile

Reply

Scott Craighead August 13, 2013 at 12:08 am

Nice little work around you have here. I never thought of doing it that way. That’s working the system right there. – Scott Craighead

Reply

Matt September 16, 2013 at 7:39 pm

Hello Kim. Thanks for this awesome tutorial. Your information is very well laid out and easy to understand. This is also a very important step that is often overlooked during the setup of a blog. It is a huge security risk to leave the default admin account in place, and it should definitely be removed asap, especially since there isn’t any benefit to leaving it there!

I am always looking for other tutorials out there on the net to kinda’ give myself a “gut check” and make sure that I’m not writing a bunch of gibberish in my own tuts that no one can understand!

Thanks again for the great tut! Much appreciated! Have a great evening.

Regards,
Matt Vaden

Reply

Kim Castleberry October 3, 2013 at 11:47 pm

My pleasure Matt, and thank you for your kind words :)
Kim

PS: Nice looking site you’ve got.

Reply

Leave a Comment

CommentLuv badge