wordpress usernames - what to avoid

Whenever I help a client set up their WordPress website, I always make sure that they choose a unique username for their own admin access as there are a number of high risk WordPress usernames everyone should avoid.

Sadly however, I still see far too many people using ‘Admin’.

I expect this is because a lot of the standard 1 click automated WordPress installation solutions default to ‘Admin’ during the set up process. This is a real shame as it’s a major security risk. You are simply giving away half of your login information, making it easier for your site to get hacked.

Top 5 failed WordPress Logins

The image above is from one of my client’s websites, with the free version of the Wordfence Security plugin installed. In the past week alone, there have been 29 attempts to login to the site using ‘admin’. Fortunately, when I installed Wordfence, I set it up to IMMEDIATELY block anyone trying to do this, along with a number of other common risky usernames.

Hackers don’t care who you are.

Hackers don’t care about the size of your site.

Please don’t make the mistake of thinking – my site is too small, insignificant etc. These hacks are automated and size doesn’t matter!

If you are using something like:

  • admin
  • administrator
  • login
  • [login]
  • guest
  • hostname
  • manager
  • support
  • test
  • testuser
  • tester
  • events

Please do yourself a favour and get it changed.

Don’t know how?

I’ve written a separate article to show you just how easy it is to do: “How To Change Username In WordPress”

Join The ‘Digital Coach For Coaches’ Email Community


Angie Stewart


WordPress Security


Oct 11, 2021

Get Avada Wordpress Theme

For Your
Next Project