Jan 292014

In one of our last articles, namely this one, Bob showed us how to make our WordPress sites more secure.  In that post he discussed choosing a username that is not “admin” or some combination of your name.  Well, we looked at our own accounts, and both Bob and I were guilty of violating that rule on some sites we each own.  Maybe you are as well.

What should a blog post DO?

Here is the rub though. If you go into your User Profile, it says that the usernames cannot be changed.  This is another security feature of WordPress, but, if you left your username as “admin” what are you to do?  We just told you that “admin” is the least secure username.  And now we are telling you that it can’t be changed?!?!  Well no.  The fact is WordPress runs a series of databases with all of your information in them.  With some gentle massaging of one of the databases you can change your username.

This is a bit advanced and involves cPanel and MySQL administration, but it is not hard.  First, decide on a username that will be secure and hard to guess.  You should be able to remember it but not be any part of your address, birthday, kids names etc.  Next, head over to your webhost.  At (the preferred hosting company of Haylestorm Interactive) they use cPanel to manage the nuts and bolts of your website.  cPanel is great for the user, everything is easily found without crawling through complicated code or nebulous files that do not have any meaning to anyone but the designer.  If your host doesn’t use cPanel, I would highly recommend changing to one that does.

Your next task is to log into said cPanel.  You should have the login details from your hosting provider.  Scroll down to the “databases” section and choose “phpMyAdmin”.  That will get you into the database for all of your sites.  Now, if you only have the one WordPress install you will only have a couple of files to look at.  On my hosting, I have 20 different installs from separate sites, some of which are not used anymore.  You will need to click into your WordPress install, With my host each site is identified as _wrdp##.  ifyou only have 1 WordPress, the number should be 1.

Now there is a list of files that shouldn’t bee too intimidating, unless your site is huge and has a bunch of plugins.  The only file you need to be concerned about is wp_users.  Click on that and it will show you all of the users that WordPress has for your site.  Depending on how your site is configured, this can be huge or it can be only you.

Once you have identified the username that you want to change, click on it, enter your new username, and hit change.  That is it.  You should also change the “user nice name” field to match the new username and avoid confusion on your site later.  Once you are finished, hit change again.  You should have a popup showing that 1 row has been changed.  Then that is it.  Your username has been changed and your site is now more secure.

Be sure to log out of your phpMyAdmin and log out of your cPanel, not just close the window.  Cookies can leave a trail that hackers can exploit as well.


Stay tuned for more tech tips from both Bob and myself.


Justin Matthews

Justin is the Stay-At-Home-Dad who is the Geek in this operation. What Bob abhors about code Justin loves. Bob has Ideas, Justin implements them, and together they are a great team. Justin has a unique ability to turn any geek-lish into English for even his mother and mother in law, no easy feat. He can do the same for just about anyone. If possible, he is even cheaper than Bob, but can use almost any web tool put in front of him. He goes a bit crazy writing about his life over at Catharsis of the Bogue.com; when he can find the time between fulfilling Bob's wild requests and wrangling 4 kids.

More Posts -

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>