We use an outside service to periodically scan our sites for vulnerabilities. Recently, we were advised that one of our WordPress multisite installations uses the default “admin” for the SuperAdmin username.
I actually knew about that, but, as anyone who manages WordPress sites knows, you can’t change your username once set. For a while, I didn’t worry about it, but this seemed to be the last little vulnerability I needed to address on the list, so I decided to tackle it.
Fortunately, I was able to find a solution by searching the web. Auroral is a blog in the UK, and they spell it out quite easily. You can view their solution, or, for expediency of time, here’s the solution:
Before making any changes to your database, be sure to back up your database.
- Using phpMyAdmin, or whatever database tool you prefer (I use NaviCat), log into your database.
- Find your [wp]_users table ([wp] would be whatever prefix you used when you set up your database).
- Find the row in the table where admin is the value in the user_login column.
- Change admin to whatever value you prefer. Your new name must not contain spaces.
- Change the value in the user_nicename column to match the same value.
- Commit these changes.
- Find the [wp]_sitemeta table.
- Find the row with site_admins for the meta-data value. You should see something that looks like this:
a:1:{i:0;s:5:"admin";} - Change admin to your new administrator name — the same you entered in step 4, above.
- Change the 5 to the count of characters in your new administrator name. For example, if your new user name is “cooldude,” then the count would be 8. Therefore, this value should read:
a:1:{i:0;s:8:"cooldude";} - Commit this change.
Of course, test and re-test.
