WordPress default administrator account
Description
WordPress installations that keep the default administrator username admin are more susceptible to automated brute-force attacks. Because the username is well known, an attacker only has to guess the password rather than both the username and the password, which makes credential-guessing attacks cheaper and more efficient and enlarges the attack surface of this predictable configuration.
Remediation
Change the default WordPress administrator username to a unique, non-obvious value. This can be accomplished through one of the following methods:
Method 1: Create a new administrator and delete the default account
1. Log in to WordPress with the existing admin account
2. Navigate to Users → Add New
3. Create a new user with a unique username and assign the Administrator role
4. Log out and log back in with the new administrator account
5. Navigate to Users → All Users and delete the original 'admin' account
6. When prompted, attribute all content to the new administrator
Method 2: Direct database modification (advanced users)
1. Back up your WordPress database before making changes
2. Access your database through phpMyAdmin or command line
3. Locate the wp_users table (prefix may vary)
4. Update the user_login field for the admin user to a new unique username
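The database change in Method 2, carried out as an added example that is not part of the original advisory. It assumes the default wp_ table prefix, an existing login of admin, and the new values shown in the comments; adjust all three to your installation. It also covers a detail the UI route of Method 1 shares: user_nicename is the public author slug (the /author/<slug>/ archive, the ?author=ID redirect and the REST users endpoint all expose it), so if it equals the new login the renamed username is still discoverable. The example therefore sets the slug to a value that differs from the login.

```sql
-- Added example (not from the original advisory): rename the default
-- administrator directly in the database, then verify the result.
-- Assumptions: table prefix wp_, old login 'admin', and the new
-- login/slug/display name below. Take the backup from step 1 first.
START TRANSACTION;

-- 1. Confirm exactly which row is about to change (expect one row).
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'admin';

-- 2. Rename the login. user_nicename is the public author slug, so give
--    it a value that is NOT the new login; display_name is what posts
--    and comments show, so it should not reveal the login either.
UPDATE wp_users
SET user_login    = 'site-ops-7k2',      -- assumed new admin login
    user_nicename = 'editorial-team',    -- assumed public slug, differs from login
    display_name  = 'Editorial Team'     -- assumed public display name
WHERE user_login = 'admin'
LIMIT 1;

-- 3. Verify: no row may still carry the old login, exactly one row the
--    new one, and the slug must differ from the login.
SELECT COUNT(*) AS old_login_rows
FROM wp_users
WHERE user_login = 'admin';                          -- expect 0

SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'site-ops-7k2';                   -- expect 1 row

COMMIT;
```

Two practical notes: the WordPress authentication cookie carries the username, so any session that was logged in as admin becomes invalid after the update and the administrator must sign in again with the new name; and because the change is keyed on user_login rather than on ID, the row's ID, its capabilities in wp_usermeta and its authored content are untouched, which is why no content re-attribution step is needed on this path.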
Additionally, implement complementary security measures such as limiting login attempts, enabling two-factor authentication, and using strong passwords to further protect administrative accounts.