The WordPress Administrator is the super user, the power user, the user holding all the cards.
With all that power, the WordPress administrator can do absolutely anything to your website. If you are the legitimate owner of your website and you manage your own site, then you will want to be able to do anything and everything.
So just what can the WordPress Administrator do?
Virtually anything is the answer. The only proviso is that the Administrator role in WordPress refers to a single website. There is also a role of super user, which is used where there is a farm of related websites: the super user has authority over all the websites in the multisite installation.
The administrator can make changes to their own work and to anything that anyone else does on your site, including the work of any other administrators.
As an administrator you can:
- Add, edit and delete pages
- Add, edit and delete posts
- Add, edit and delete plugins
- Add, edit and delete themes
- Add, edit and delete users
- Manage categories
- Manage the SEO settings
- Change the way your website looks
- Moderate any comments on posts
This is just an overview of the most important tasks that the WordPress administrator can do. So, you can see that this is an important role and as such you only want people you know and trust using this role.
When you install WordPress, the installation script creates a username called “admin”. Seems logical, you might think, and very straightforward.
But the problem with this scenario is that if hackers know the username of the WordPress administrator they have a foot in the door.
So what can you do to minimize this risk?
The first thing that I do, and I would recommend that you do the same, is to change the username of the administrator. You will need to:
- Login as admin
- Create a new user, also with the role of administrator
- Log out
- Login again using the new user created in step 2
- Delete the admin user used in step 1
And now you have reduced the risk of someone hacking into your website just by following these 5 short steps. I think it would take you less than 5 minutes, if that, so I can’t see a reason not to do it.
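The same five steps can be run from the command line. This is an added example, not part of the original article: it assumes WP-CLI (`wp`) is installed and run from the WordPress root, and the function names and the sample login and e-mail are illustrative.

```shell
#!/bin/sh
# Added example: replace the default "admin" account using WP-CLI.
# Assumption: `wp` is on PATH and the script runs from the WordPress root.

# Print the login of every user holding the administrator role, one per line.
list_admins() {
    wp user list --role=administrator --field=user_login
}

# Succeed only if an administrator with the exact login "admin" exists.
has_default_admin() {
    list_admins | grep -qx 'admin'
}

# replace_default_admin NEW_LOGIN NEW_EMAIL
# Creates NEW_LOGIN as an administrator, then deletes "admin" and hands its
# posts and pages to the new account so that no content is deleted with it.
replace_default_admin() {
    local new_login new_email new_id
    new_login="$1"
    new_email="$2"
    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_default_admin NEW_LOGIN NEW_EMAIL" >&2
        return 2
    fi
    if [ "$new_login" = "admin" ]; then
        echo "refusing: the new login must differ from 'admin'" >&2
        return 2
    fi
    if ! has_default_admin; then
        echo "no administrator named 'admin' found; nothing to do"
        return 0
    fi
    # --porcelain prints only the new user ID; --send-email mails the new
    # account its details so no password has to be typed on the command line.
    new_id="$(wp user create "$new_login" "$new_email" \
        --role=administrator --send-email --porcelain)" || return 1
    # Without --reassign, the deleted user's content is removed as well.
    wp user delete admin --reassign="$new_id" --yes || return 1
    echo "replaced 'admin' with '$new_login' (ID $new_id)"
}

# Example call (constructed values):
#   replace_default_admin siteowner owner@example.com
```

Running `list_admins` afterwards confirms which accounts still hold the administrator role.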
Summary
The administrator can do anything on your website, for good, and for bad.
Reduce the possibility of your website being hacked by changing the username of the WordPress administrator – now!