Deleting The Admin Account On WordPress

5avg.rating 28 votes.

stopping wordpress hackersAlert! If you have an admin account on your wordpress site, you need to delete it NOW. Maybe you have a wordpress installation that was set up some time ago. Whether you built your site or had somebody build your website for you, it's not important. What is important is that you eliminate the vulnerability that makes it easy for hackers to hack your website. I'll go through the steps in the included video. But first you should understand why having the admin account puts your site at risk of getting hacked.

 

Hackers don't look for your website. They have bots (automated programs) that search the internet for wordpress based websites. Once they find one, they know where the login page will be and start the hack. Your website (like almost all) security relies on a two key system. The first key is your username. The second is your password. By leaving the admin (default) account intact, they have one key already and it is only a matter of time before their password cracking program gets the second key. Then they can do whatever they want with your site including locking you out and holding it for ransom.

 

So now that you know why you're vulnerable and what's at stake if you get hacked, here's how to fix this chink in your armor.

 

Here's the process:

  1. Create a new account with administrator privileges
  2. Create a new account with editor or author privileges
    You can choose which fits best for you. Since this is your “public face,” you'll want to complete the profile including the author bio if you have that option.
  3. Then log out and log back in as your original admin
  4. Check the privileges of the new accounts you created and reset and save them if needed
    You'll only need to do this once. And make sure the public or nickname of the administrator account is different from your editor/author account. That's important so you don't accidentally attribute the content to your new administrator. What you saw was a painless correction in the video will actually need to be done manually for each post.
  5. Log out and log in as the new administrator
  6. Delete the old admin account and attribute content to your editor or author account
  7. Check to make sure you attributed the content to the right account.

A word of warning: Don't think that if you do this one fix, you'll be totally safe from hackers. There are many ways to hack a wordpress site. This stops ONE of the easiest paths for hackers to access your site.

 

 

The following two tabs change content below.

Rob Calhoun

Backend Specialist at R. Calhoun IE
+ Rob Calhoun Helps small to medium businesses succeed by building systems for them that help them get new customers, retain customers, and re-energize past customers. Rob helps clients and marketers maximize the return they get from their online marketing efforts.

Leave a Comment:

CommentLuv badge
Show everyone who you are across all sites. Get a Globally Recognized Avatar (Gravatar) now!
It's Free Click Here
8 comments
AKASH GOLA says

Hi Rob Calhoun,
Great article, very informative.
Thanks for the information.

Reply
Eva Rabinovich says

Hey Rob,
I wish I discovered this post before. I had a very big trouble with hackers and was forced to build a brand new blog because they replaced all my content with spun content and replaced credentials for my WordPress login account. Thanks for sharing this.

Reply
Robin Khokhar says

Hi Rob,

You have shared some great piece of information, but I want to know that the security plugins like Wp security will work well or not???.

And also thanks for sharing this amazing post.

Reply
    Rob Calhoun says

    Robin,
    There are plugins that people swear by like WordFence and SecureScanPro. The main thing is that the plugin does what it says, and is supported (updated) and most importantly – you keep the plugins, themes, and wordpress updated.
    Rob Calhoun recently posted..How To Write A Post And What To Do With ItMy Profile

    Reply
Zahidul Islam says

If you are still using a default admin or want to delete another user, this … I have taught thousands of people how to set up their WordPress sites and grow them out. … Hi, I am trying to delete my admin account, but I haven’t the “delete” option …

Reply
    Rob Calhoun says

    Zahidul,

    Without actually looking at the specific site you’re asking about, I’d say first look at the level of the account you’re using. Does it have administrator rights? If yes, then I would disable ALL plugins and check again. You must make sure you have a working user account with administrator rights before deleting the admin account.

    Some might think the next step is to go through c-panel to remove the admin user at the database. This would be a bad idea until you know why your administrator account does not have full administrator rights.
    Rob Calhoun recently posted..Your Email Isn’t Getting Delivered If You’re Doing ThisMy Profile

    Reply
Sunirmal Das says

Thank you, I never knew that admin account could be the leakage point on my site.

Reply
Add Your Reply

Want More Customers?

Video shows How
You Can Get Them 
In as little as 20 minutes...

x