Using ‘admin’ as a username with administrator privileges in WordPress significantly increases the risk of brute-force attacks. This default username is commonly targeted by attackers, as it is often used and easily guessed.
To enhance security, it’s advisable to create a unique username with administrative rights and delete or change the role of any existing ‘admin’ user. When choosing a new username, avoid common names or easily guessable words, and opt for something more complex and less predictable.
WP Security Ninja tests for this situation: User “admin” with administrator privileges exists.
After creating a new administrator account, ensure that the old ‘admin’ account’s content is attributed to the new user, then safely remove or demote the ‘admin’ account. This process prevents potential attackers from using the common ‘admin’ entry point to try and access your site.
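The replacement procedure above can be scripted with WP-CLI. The following is an added example, not code from WP Security Ninja or from the original page; it assumes the `wp` command is installed and run from the WordPress root, and the function name `retire_admin` and its short denylist of guessable names are illustrative.

```shell
#!/bin/sh
# Added example: retire the 'admin' login with WP-CLI.
# Assumption: `wp` is on PATH and invoked from the WordPress root.
# retire_admin and the denylist below are illustrative, not a WordPress API.
# Usage: retire_admin <new-login> <new-email>

retire_admin() {
    new_login=$1
    new_email=$2

    # Refuse replacement names that are as guessable as the one being retired.
    case "$new_login" in
        ""|admin|administrator|root|webmaster|wordpress|test|user)
            echo "refusing guessable username: '$new_login'" >&2
            return 2 ;;
    esac

    # Act only on the condition described above: a user named 'admin'
    # that holds the administrator role.
    if ! roles=$(wp user get admin --field=roles 2>/dev/null); then
        echo "no user named 'admin'; nothing to do"
        return 0
    fi
    roles=$(printf '%s' "$roles" | tr -d ' ')   # normalise "a, b" to "a,b"
    case ",$roles," in
        *,administrator,*) ;;
        *) echo "'admin' exists without the administrator role; nothing to do"
           return 0 ;;
    esac

    # Create the replacement administrator; --porcelain prints only the new ID.
    # No --user_pass is given, so no password lands in shell history;
    # --send-email mails the account details to the new user instead.
    new_id=$(wp user create "$new_login" "$new_email" \
        --role=administrator --send-email --porcelain) || return 1

    # Delete 'admin' and attribute all of its posts to the new account.
    wp user delete admin --reassign="$new_id" --yes
}
```

Take a database backup before running it, and confirm you can log in as the new administrator afterwards.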
Additionally, implement strong password policies and consider using two-factor authentication for an added layer of security. These steps, combined with a unique username, significantly bolster your WordPress site’s defense against unauthorized access attempts.