<b>Never use "admin" as your username</b>

<b>Never use "admin" as your username</b>

When you install WordPress, you pick a username for logging in. A surprising number of people choose "admin," and attackers know it.

Why it matters: hackers run bots that try logging in with "admin" plus thousands of guessed passwords. Half the puzzle is already solved if they know your username. Worse, your username can sometimes be visible in the web address of your author page.

What to do:
— Pick something unguessable as your login name, not "admin" or your site's name.
— Already stuck with "admin"? Create a new administrator account with a fresh name, log in as that, then delete the old one (assign its posts to the new user).
— Add a strong password while you're there.

<i>In plain words:</i> a secret username is the lock and the password is the key, don't hand out the lock for free.