Why should you immediately change the name of the default admin user?
- All new Joomla installations start with a Super Administrator account called, 'admin'. During the installation process, you will be asked to give this account a password. That's great as far as it goes, but because the user name of this highly-confidential account is generally well known, 50% of the security of the username/password combination is already exposed. Now all anyone needs to do is guess the password and they're in.
- By changing the user name to something more difficult to guess, you greatly increase the difficulty of accessing the account. An attacker must correctly guess both the user name and password at the same time to gain access. This is several magnitudes more difficult than simply guessing the right password.
- Log into the Back End
- Select User Manager
- Select the 'admin' user record
- Change the value in username. (Good user names contain a mix of letters and numbers.)
- Remember the new username!
Joomla 2.5 let's you choose the name of your Super Administrator account while installing, so you don't need to rename it later.