You are not still logging in with the username 'Admin' are you?
One of the most common WordPress attacks is directed at user accounts with the username of 'admin'. Once upon a time the WordPress installation script automatically created an admin user named 'admin'. Today, while the script prompts you for a username it defaults to 'Admin'.
Here is a screenshot from a WordPress blog I manage. You can see all the attempts by hackers to login as admin:
Using the WordPress username 'Admin' effectively cuts the hacker's job in half.
If you have been using 'Admin' as a username then here's what you must do right now:
- Create a new user for yourself. Give the new user the role of 'Administrator' Make the username something that would be hard to guess. Don't use combinations that include your name.
- After clicking 'Save' to create the new user then go back in and edit it, changing the Display Name Publiclly as field so that it is not your username.
- Logout as Admin.
- Login as the new user.
- Go to the Users screen ad click on 'Delete' for the 'Admin' user.
- Wordpress will ask you what to do with posts and pages authored by 'Admin'. Tell it to assign them to the new user.
There, You're a lot safer now.