WordPress is the most developer-friendly content management system out there, the software enables you the ability to create beautiful designs, it has powerful features, and the freedom to build anything you want. Millions of websites are powered by WordPress software. Unfortunately, that has some downsides as well.
Your First Line of Defense – your login page!
To start, change your default configuration, hackers and some pesky users with too much curiosity immediately know where to log in to get into your admin area. In WordPress, you can just type in domain.com/wp-admin, and it will take you right to the login screen. Once there, it’s all about trying to crack your password and the most common method hackers use is brute force, which allows them to test millions of login combinations in a short amount of time. The very first line of defense is to change your login page to something other than wp-admin. Next, ensure the username is unique, don’t use the typical “admin” username. You will protect your website immediately, once you ensure your username is unique. Delete the Sample Page; it lets hackers know you have just setup WordPress and likely have not updated your username and login page.
If you have already installed your website and you chose “admin” as your username, don’t worry about it. There’s still a way to change it. – Go to the Users section on the WordPress. The fastest way is to register another user and then give that user admin permission. Then you can log in with that new admin username and proceed to delete the old “admin” username. You will need to use a different email than the one assigned to the admin username if using this method.
If you have many posts and pages assigned to your user and don’t want to re-assign them, you can change your username through PHPMyAdmin. First login to your cPanel and go into PHPMyAdmin. Select your WordPress database and go into wp_users table. Click Edit next to your “admin” user, and change the user_login field to whatever you want it to be.