Choosing Clever Usernames and Passwords: An Essential Step in WordPress Security


In the world of WordPress security, something as simple as your username and password can play a pivotal role in protecting your website from malicious threats. Surprisingly, many users overlook this aspect, assuming that security plugins and firewalls alone will safeguard their site. This couldn't be further from the truth. Selecting clever usernames and unique, complex passwords is the first line of defense in your WordPress security strategy.

The Importance of Unique Usernames

By default, many WordPress installations use 'admin' as the username for the primary administrator account. This commonality makes it an easy target for brute force attacks, where hackers attempt to gain access to your site by guessing your password. If your username is already known, it gives them a head start. Therefore, selecting a unique username is the first step in enhancing your WordPress security.

Moreover, by using a non-descriptive username, you can add an extra layer of obscurity to your login credentials. For instance, instead of using your name or something directly related to your business, opt for a combination of words or an alias that isn't easily associated with you or your website.

Complexity and Unpredictability in Passwords

The importance of a complex, unpredictable password cannot be overstated. According to SplashData's 2019 annual list of the most popular passwords stolen throughout the year, '123456' and 'password' topped the list. This shows a common and troubling trend among internet users in general: the lack of complexity and uniqueness in their passwords.

A strong password is not just about length, but also complexity. It should include a mix of uppercase and lowercase letters, numbers, and special characters. This diversity makes it harder for hackers to guess your password or crack it using automated tools.

As a rule of thumb, avoid using easily guessable information in your password. This includes common words, names of loved ones, birthdays, or other personal information that can be found with a quick internet search.

How to Change Your WordPress Username and Password

You might be wondering how to change your WordPress username and password. It’s simple. To change your password, log in to your WordPress admin dashboard, navigate to 'Users > Your Profile', scroll down to the 'Account Management' section, and click on 'Generate Password'. WordPress will automatically generate a strong password for you, but you can also enter your own. Once done, click 'Update Profile' at the bottom of the page.

For the username, WordPress doesn't allow you to change it directly from the dashboard, but there are a couple of methods you can use:

1. Create a new user with administrative rights: From your WordPress dashboard, go to 'Users > Add New', fill in the required information with the new username, and set the 'Role' to 'Administrator'. Then, log out of your WordPress dashboard, log back in with the new username and delete the old 'admin' user. Make sure to attribute all content to the new user when prompted during deletion.

2. Change it manually in the database: This method is a bit more technical and involves interacting with your WordPress database via phpMyAdmin. Always remember to back up your database before making any changes.
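
As an added example (not part of the original article), the manual database change could be run like this from phpMyAdmin's SQL tab. It assumes the default `wp_` table prefix, a single-site install with InnoDB tables, and an old login of 'admin'; the new login, slug and display name are constructed placeholders.

```sql
-- Added example. Assumptions: default `wp_` prefix, single-site install,
-- InnoDB tables, old login 'admin'. 'quiet-heron-42', 'site-editor' and
-- 'Site Editor' are constructed placeholders. Back up the database first.

-- 1. Confirm the account exists and that the new login is not already taken.
--    Expect exactly one row (the 'admin' account) before continuing.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login IN ('admin', 'quiet-heron-42');

START TRANSACTION;

-- 2. Rename the login. user_nicename is the slug used in author archive
--    URLs (/author/<slug>/), and display_name is shown on posts, so both
--    are changed too; otherwise the old login name stays publicly visible.
UPDATE wp_users
SET user_login    = 'quiet-heron-42',
    user_nicename = 'site-editor',
    display_name  = IF(display_name = 'admin', 'Site Editor', display_name)
WHERE user_login = 'admin';

-- 3. Exactly one row should have changed. If not, run ROLLBACK instead of COMMIT.
SELECT ROW_COUNT() AS rows_changed;

-- 4. Review the result before making it permanent.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'quiet-heron-42';

COMMIT;
```

Keeping the public slug and display name different from the login means the author pages on the site do not hand out the name used to sign in.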

Using Password Managers for Safekeeping

Remembering complex passwords for each website can be challenging. That's where password managers come in handy. They store your passwords in an encrypted format and fill them in automatically when needed. Some popular password managers include KeePass, 1Password, and LastPass. By using a password manager, you can maintain complex and unique passwords for each site without the need to remember them all.

Two-Factor Authentication for Enhanced Security

In addition to a unique username and complex password, enabling two-factor authentication (2FA) adds another layer of security to your WordPress login. With 2FA enabled, even if someone manages to guess your password, they'll still need to bypass the second level of authentication, which could be a text message to your phone, a biometric check, or a time-based one-time password (TOTP).

WordPress doesn't support 2FA out of the box, but there are several plugins available that add this functionality, such as Wordfence Security, Two Factor Authentication, and Google Authenticator.


Security is a multi-faceted concept. While firewalls and security plugins play a significant role in protecting your WordPress site, the importance of basic security measures like using unique usernames and complex passwords should not be underestimated. By combining these strategies with regular updates and security checks, you can greatly enhance the security of your WordPress site and reduce the likelihood of becoming a victim of cyber threats.

Remember, the security of your WordPress site is only as strong as its weakest link. By ensuring that every aspect of your site is secure, from your username and password to the PHP version you're running, you can build a robust defense against potential attacks. Keep in mind that in the realm of cyber security, an ounce of prevention is indeed worth a pound of cure.
