If you are an administrator of any account, you should stop using "admin" as your username.
It turns out that this is one of the 3 big security mistakes that users make when it comes to WordPress security.
Why is choosing the admin username bad for the security of my WordPress site?
If you are the administrator of an account, you might think that using admin as your username is a great idea. However, this is not exactly true! When it comes to securing WordPress sites and choosing usernames for admin accounts, there are several things that can go wrong if you use admin as your username.
The first reason why the admin username is bad for security purposes has to do with brute force attacks. THESE occur when hackers try different combinations to gain access to passwords or private information of users on a particular website. Because many people also choose admin as their password because of its simple structure, these types of attacks tend to be very successful because they basically have everything they need to access a site from the start.
In addition to being vulnerable to brute force attacks, admin usernames are also very susceptible to social engineering scams. Social engineering scams occur when criminals try to convince unsuspecting users to provide personal information such as passwords or login credentials by pretending to be someone the user trusts. For example, if you receive an e-mail from your bank asking you to update your login information and you are not sure whether the e-mail is legitimate or not, it is best to call customer service and ask about the message before taking any other action.
Since admin is an easily guessed username, it is much easier for scammers to try to convince people to provide their personal login information. So if you use admin as your username, it is not only wrong for security reasons, it also makes you more susceptible to scams.
Tips for choosing a secure username.
We recommend that you do two things. The first is to check whether other accounts have been created on your site or blog, even in an automated way, with similar names (e.g., administrator, support, helpdesk). If you find any, change them to something more unique, such as a special term, department or person's name. This way, even if someone tries to log into your account, they will receive a login error.
The second thing to do is to use a password manager to create and store strong passwords for all your accounts (including the administrator account). This will ensure that no one can access your site by guessing or hacking your password.