If you’re on a self hosted WordPress account, you may have seen recently that there have been a high number of attacks against admin accounts. The best way to prevent these attacks is to remove the admin user – we’ll talk you through how to remove it.
First, log in as the admin user. Go to Users > Add New.
Create a new user, and give them an administrator role (this is the drop down at the bottom of the form)
(Avoid sending the password via email – WordPress sends this in plain text, so it’s not very secure)
Log in as the new administrator user, and go to Users > All Users. Hover over your admin user, and choose “Delete”
The following page will pop up:
If you’ve been using the admin account to publish posts previously, make sure that you choose to attribute all of their posts to another account – you wouldn’t want to lose blog posts here!
(We also recommend installing the plugin Limit Login Attempts – we increased the minutes that a user gets locked out for to 2880 minutes or 48 hours to be extra certain!)