The good ol’ admin account.
Every website has one, and WordPress installs it by default. Therefore, everyone who wants to hack your site knows exactly what account to try.
But what if you didn’t use that name?
Seriously, if everyone changed the location of their car’s ignition switch, wouldn’t it suck to be a car thief? Imagine how long it would take if every time someone tried to steal a car, they had to strip search the whole car to find out where to start it.
Default means just that. You don’t have to use it; the system just needs something to use if you don’t select what you want. Hosting companies often use Fantastico to install WordPress, and just above the “install WordPress” button you have the option of changing the account name to whatever you want. You don’t have to take the default. WordPress doesn’t care what account name you use. As long as you have a name to use, WordPress is fine and happy.
Maybe you want the administrative account to reflect your philosophy on computers in general, such as “HatezThisDamnThing”, or go with a more Native American naming structure such as “SlapsMeInTheHeadALot”, “DancesWithSlackers” and even “PaidALotaLoot”.
It’s your business and your system. Have fun with your security protocols. You don’t have to be the military or government to be paranoid. Paranoia is totally non-discriminatory.
Of course, if you REALLY want to have fun with this, you can hide the login screen altogether. After all, why hide the lock, when you can hide the entire door?
Stealth-Login is a WordPress plugin that accomplishes this. You can make your login page use whatever link you want. No need to give out the location: just make the URL anything you want, and that will be the new login page.
Your website is your party.
When someone tries to use their car keys to open the back door of your house and take it around the block for a spin, move the handle on that door and make them wonder where you put it.