Neutering the admin account
It's a good idea to understand the power structure of the WordPress roles and capabilities and we'll address this but, first, let's interrogate the admin user.
Before WordPress 3, when you installed the platform, a primary admin account was created by default. WordPress 3 shook things up and new installations now allow the installer to specify the initial username:
Updates from previous versions, however, retain old accounts, including admin.
The problem with admin
The problem with the admin account is that hackers know that it very likely exists, together with its sweeping powers. They also know people often don't change default settings. So ... their brute force bots merrily do the WordPress rounds trying to chance a login where the user is admin. To put it another way, if you use the admin account you are halfway to becoming a victim of a potentially successful brute force attack.
Deleting admin
If you have a user called admin, do this. In the Dashboard, create another...
