5 Things You Should Know About Your WordPress Username & Password

5 things you should know about your WordPress Username and Password via @GretLouiseYour WordPress username and password are what lets you inside your WordPress dashboard. Together they are two of the most important security features of your site—especially if you are using WordPress.org. While WordPress.com users won’t have the option of an admin username (#3), it is still important for you to have a secure password. Automated bots might not try to attack WordPress.com sites as often, but human hackers might. Here are five things you should know about your WordPress username and password.

1. Your username is public.

The username you use to log in to your WordPress dashboard is public. It’s the same username that is part of your author post archives: http://yourname.com/author/yourusername/ Make sure you choose something you want the public to see and link to.

2. Your username should not have special characters, spaces, or be your email address.

If your domain is janedoe.com, make your username jane or janedoe. Keep it simple and easy for you to remember. Avoid the use of special characters in your username. And don’t use your email address!

3. Your username should not be “admin.”

The default WordPress.org username is admin, making it the standard username used in hacking attempts. If your username is admin, change it immediately. (Add a new user, login as the new user, and delete the admin user, attributing all the admin user’s post to the new user. Click here for detailed directions.)

4. Your password should have upper and lowercase letters, numbers, and special characters in it.

Hacking attempts are real. Whether it is automated bots that are trying to hack into your account, or a disgruntled site visitor who wants to wreak havoc, you want to make it impossible for them to guess your password. Mix it up with upper and lower case characters, numbers, and symbols like !”£$%&.

5. Your password should be hard for you to remember.

Your WordPress password should be so complicated that it is almost hard for you to remember. Write it down somewhere safe in case you forget it. Or use an app like LastPass or 1Password to generate and store difficult to guess passwords. Whatever you do, don’t make your password so easy for you to remember that your hackers can guess it, too.


Got more than 5 minutes?

WordPress.org users, read these WordPress security tips and double check to make sure you have a good security plugin installed and up to date:

Leave a Reply

Your email address will not be published. Required fields are marked *


  1. Hi
    Keeping your WordPress blog secure is very important and the username and password might be the most important. Take it from one that have had his blog hacked a couple of times. Another tip could be to use 2-factor security to your WordPress login.

  2. Excellent advice, especially about the passwords. Users should use a different password for each and every individual account. A password manager makes it easy to have long, random passwords that are strong against hacking, and you don’t have to remember all those passwords or even do all that typing!

    An additional piece of advice is prudent. If the user plans to store their password file on something like DropBox, or anywhere that you suspect someone could gain access to, they should know that the crypto community has found the file formats used by LastPass and 1Password to have vulnerabilities. There is a similar application, a free (Open Source) program called Password Safe (http://psafe.org) that is much more resilient against attempts by others to decrypt the file that stores your passwords.

  3. The Username does not have to be publicly viewable.

    The NiceName field is what is propogated when you view the /author/name in the browser and it is automatically assigned the Username.

    But you can – and should – change the Nicename field in the database to a different name.

    That will not affect the Username or hurt anything but it will increase the security of your site.

    Also, change the Nickname to something other than the Username as well.

    Furthermore, don’t allow anyone that can log in to select the Username as the name to view.

  4. Gretchen, I’m so glad you’re doing this series. I am in the process of redesigning and moving my blog to wordpress.org, and I didn’t know about these tips. Will definitely be utilizing them when it’s time to set everything up. Thank you!