Brute force login attempts are typically against the admin user. The admin user used to be the default username of the first administrator created when installing WordPress but since version 3.0 the installation now asks you what you want to name it. By removing the admin user you are forcing the malicious hackers out there to guess not only your password but also your username. In this cat and mouse game of security, fortifying the barriers to entry is a good thing for the good guys and gals. The Pendeo provisioning system does not create an admin user but if you’ve created one yourself or you migrated your site with an existing admin user, here’s how to rename it:

1. Sign into your wp-admin as the admin user.
2. Use the “Users->Add New” screen to create a new user.
3. Provide a new username that’s not “admin”.
4. The new user’s role must be set to “administrator”.
5. Specify a super long password. Click here to get a few generated automagically.
6. Click “Add new user”.
7. Sign out as the “admin” user.
8. Sign in as the new user.
9. Delete the old “admin” user and assign all posts, pages and comments to your new admin user.