Deleting The Admin Account On WordPress

Alert! If you have an admin account on your wordpress site, you need to delete it NOW. Maybe you have a wordpress installation that was set up some time ago. Whether you built your site or had somebody build your website for you, it's not important. What is important is that you eliminate the vulnerability that makes it easy for hackers to hack your website. I'll go through the steps in the included video. But first you should understand why having the admin account puts your site at risk of getting hacked.

 

Hackers don't look for your website. They have bots (automated programs) that search the internet for wordpress based websites. Once they find one, they know where the login page will be and start the hack. Your website (like almost all) security relies on a two key system. The first key is your username. The second is your password. By leaving the admin (default) account intact, they have one key already and it is only a matter of time before their password cracking program gets the second key. Then they can do whatever they want with your site including locking you out and holding it for ransom.

 

So now that you know why you're vulnerable and what's at stake if you get hacked, here's how to fix this chink in your armor.

 

Here's the process:

  1. Create a new account with administrator privileges
  2. Create a new account with editor or author privileges
    You can choose which fits best for you. Since this is your “public face,” you'll want to complete the profile including the author bio if you have that option.
  3. Then log out and log back in as your original admin
  4. Check the privileges of the new accounts you created and reset and save them if needed
    You'll only need to do this once. And make sure the public or nickname of the administrator account is different from your editor/author account. That's important so you don't accidentally attribute the content to your new administrator. What you saw was a painless correction in the video will actually need to be done manually for each post.
  5. Log out and log in as the new administrator
  6. Delete the old admin account and attribute content to your editor or author account
  7. Check to make sure you attributed the content to the right account.

A word of warning: Don't think that if you do this one fix, you'll be totally safe from hackers. There are many ways to hack a wordpress site. This stops ONE of the easiest paths for hackers to access your site.

 

 

10 Comments

  • AKASH GOLA

    Reply Reply June 28, 2015

    Hi Rob Calhoun,
    Great article, very informative.
    Thanks for the information.

  • Eva Rabinovich

    Reply Reply January 31, 2016

    Hey Rob,
    I wish I discovered this post before. I had a very big trouble with hackers and was forced to build a brand new blog because they replaced all my content with spun content and replaced credentials for my WordPress login account. Thanks for sharing this.

  • Robin Khokhar

    Reply Reply February 15, 2016

    Hi Rob,

    You have shared some great piece of information, but I want to know that the security plugins like Wp security will work well or not???.

    And also thanks for sharing this amazing post.

    • Rob Calhoun

      Reply Reply March 31, 2016

      Robin,
      There are plugins that people swear by like WordFence and SecureScanPro. The main thing is that the plugin does what it says, and is supported (updated) and most importantly – you keep the plugins, themes, and wordpress updated.

  • Zahidul Islam

    Reply Reply March 28, 2016

    If you are still using a default admin or want to delete another user, this … I have taught thousands of people how to set up their WordPress sites and grow them out. … Hi, I am trying to delete my admin account, but I haven’t the “delete” option …

    • Rob Calhoun

      Reply Reply March 31, 2016

      Zahidul,

      Without actually looking at the specific site you’re asking about, I’d say first look at the level of the account you’re using. Does it have administrator rights? If yes, then I would disable ALL plugins and check again. You must make sure you have a working user account with administrator rights before deleting the admin account.

      Some might think the next step is to go through c-panel to remove the admin user at the database. This would be a bad idea until you know why your administrator account does not have full administrator rights.

  • Sunirmal Das

    Reply Reply April 22, 2017

    Thank you, I never knew that admin account could be the leakage point on my site.

  • Sandeep

    Reply Reply June 10, 2017

    Hi Rob Calhoun,
    Very informative article. Deleting admin account will be a good decision for security. Thanks for sharing this amazing post.

  • Amit

    Reply Reply June 14, 2017

    thanks for tutorial it really helps on my wordpress website

Leave A Response

* Denotes Required Field