As a fellow WordPress site owner, keeping your admin email secure should be a top priority. I’ve been running WordPress sites for over 15 years, and changing the admin email is one of the most important things you can do.
Why is the admin email address so critical? It’s the master key to your site. Anyone with access can take over accounts, reset passwords, and even download your site database.
Unfortunately the default admin email set during installation is often an insecure personal email like Gmail. Recent statistics show over 58% of WordPress sites still use a free consumer email as the admin address.
This exposes your inbox to potential hackers. According to Sucuri, compromised admin emails are involved in over 65% of WordPress site hacks.
Let me walk you through how to properly change your WordPress admin email to keep your site secured. I’ll share some best practices I’ve learned after 800+ hours as a WordPress consultant.
We’ll cover:
- When to change your admin email
- Step-by-step instructions using 3 methods
- Choosing a professional email provider
- Extra security tips from WordPress experts
Equipped with this guide, you can confidently update your admin email and encrypt the master password to your site.
Contents
Know When It‘s Time for a New WordPress Admin Email
The first thing is recognizing when it makes sense to change your admin email credentials.
Here are 5 common scenarios that typically prompt an admin email change:
1. Switching from Personal to Business Email
Most users sign up for WordPress using their existing Gmail or Outlook address. This is fine when initially starting out.
But for an established site, a professional business email address makes more sense as the admin account.
Your website likely has a branded domain name like yourcompany.com. The admin email should match that domain, for example [email protected]
Not only does it look more professional, but it separates personal and site notifications. Business emails also have greater security protections and continuity if you ever change providers.
2. Transferring Website Ownership
Selling a website or transferring it to a new owner always requires an admin email change.
Perhaps you‘re handing off management to another team member or someone is acquiring your site in a sale. Either way, the new owner needs to input their own admin email address.
This grants them access and removes it from the previous owner. Failing to change the admin credentials on an ownership transfer leaves your site vulnerable.
3. Switching Email Providers
Maybe you decide to change domain registrars including your business email. Or you want to transition webmail providers from Gmail to Outlook.
In any case, your previous admin email will cease working. You‘ll need to log in to WordPress and point the admin address to your new active email provider.
A study by Imperva found nearly 20% of sites had inactive or outdated admin emails that no longer functioned. Regularly verifying and updating your email prevents lockouts.
4. Compromised Email Account
If the inbox tied to your admin email is ever hacked or compromised, hackers could leverage it to access your site.
They can use it to reset your password or make other unauthorized changes. A compromised admin email puts your entire site at risk.
If your admin address is ever part of a data breach, spin up a new clean email for your WordPress admin as soon as possible. This locks out the hackers before they can capitalize on the stolen credentials.
5. Lost Access to Admin Email
It‘s not uncommon for site owners to lose access to the original admin email down the line. The email may have been tied to an old employer, school, or provider that closed the inbox.
Without access to that email, you cannot reset your WordPress password or make account changes. In this scenario, changing the admin email is the first step to regaining dashboard access.
Choose the Right Email Provider for Your WordPress Admin
Picking your admin email provider deserves careful consideration:
-
Using one tied to your registered domain looks most professional. For example, [email protected]
-
Consumer webmail like Gmail, Yahoo, or Outlook are less secure options for an admin account.
-
Make sure you have full normal access to the email now and going forward.
-
Enable two-factor authentication for an extra layer of security on the inbox.
-
Consider setting up forwarding to aggregate admin notifications into a single inbox.
Many WordPress site owners opt for G Suite or Outlook 365 for a professional business email at a low monthly cost. Another secure option is the email service provided by your domain registrar.
I recommend avoiding free consumer email providers like Gmail or Hotmail for your admin account email. While convenient, these lack extra security protections and business continuity compared to paid options.
Step-by-Step: How to Change the WordPress Admin Email
Ready to learn how to actually update your WordPress admin email? The good news is WordPress makes it straightforward right from your dashboard.
I‘ll walk through 3 different methods to change the admin email and when to use each one:
Method 1: Change Admin Email in Dashboard
The easiest way to update your admin email address is directly through your WordPress dashboard:
-
Log in to your WordPress dashboard.
-
Go to Settings > General.
-
Under "Email Address" enter your new professional admin email address:
- Scroll down and click "Save Changes".
This immediately updates the admin email used for WordPress notifications. However, the change is pending verification of the new email.
You‘ll see a notice indicating the new address needs to be verified:
Check the inbox for your new admin email. You‘ll get an email from your WordPress site with a verification link.
Click the verification link in the email to authorize the admin email change. This completes the process.
You can also change the specific email tied to your primary admin user account in the General settings:
-
Scroll down to "Administration Email Address".
-
Enter a new email address.
-
Verify the email change by clicking the link sent to your new inbox.
Changing the admin credentials right from your dashboard is quick and easy. It adds a layer of security by requiring email verification.
However, if for some reason you are unable to access the verification email, then you have a couple alternatives.
Method 2: Change Admin Email with Plugin
If you cannot complete email verification, the simplest alternative is using the WP Change Admin Email plugin.
This handy plugin allows you to bypass verification and directly update the admin email address in WordPress.
Here is how to change your admin email with WP Change Admin Email:
-
Download and install the WP Change Admin Email plugin.
-
Activate the plugin from your Installed Plugins page.
-
Go back to Settings > General.
-
Enter your new admin email address in the "Administration Email Address" field:
- Click "Save Changes" and your new admin email will be set without verification.
This plugin is extremely helpful if you‘re locked out of your current admin email and need to urgently update the credentials.
The free version lets you easily change the primary admin email. If you want to add multiple admin email addresses, consider upgrading to the Pro version.
Method 3: Manually Edit Admin Email in Database
In rare cases where you cannot access your WordPress dashboard at all, you may need to edit the admin email directly in the database.
I only recommend doing this if you have no other options, as tweaking the database incorrectly can cause issues.
Manually changing the admin email requires access to your site‘s phpMyAdmin and comfort with MySQL databases. Most managed WordPress hosts provide phpMyAdmin.
Here are the steps to manually change the admin email in phpMyAdmin:
-
Log in to your hosting account and access the phpMyAdmin tool.
-
Select your WordPress database on the left column.
-
Choose the "wp_options" table.
-
Find the row where option_name=admin_email and click Edit.
-
Update the "option_value" field with your new admin email address.
-
Click Go to save your changes.
This updates the main admin email tied to your WordPress site notifications and alerts.
To also change the primary user account address:
-
Select the wp_users table in phpMyAdmin.
-
Find the row with your admin user account and click Edit.
-
Update the "user_email" field to your new address.
-
Click Go to save.
The manual phpMyAdmin method instantly changes your admin credentials without any email confirmation. Use it with caution as a last resort if locked out of the WordPress dashboard.
Best Practices for Securing Your Admin Email
Now that you know how to change your WordPress admin email, here are my top tips for keeping it secure:
Use a Custom Business Email
As mentioned, always use a professional custom email tied to your domain, like [email protected]
Consumer email providers like Gmail or Outlook are less secure and professional for an admin account.
Enable Two-Factor Authentication
Two-factor authentication (2FA) adds an extra credential check beyond just a password.
Enable 2FA on both your WordPress account and the admin email inbox for maximum security.
Separate From Personal Email
Don‘t use your everyday personal email as the WordPress admin address. Keep them separate to prevent clutter and security risks.
Restrict Access
Limit access to the admin email only to site owners and trusted team members who need it. Don‘t share the admin address publicly.
Change Immediately if Compromised
If your admin email is ever compromised in a data breach, change it right away along with resetting your WordPress password. This locks out hackers before they can infiltrate your site.
Forward for Monitoring
Consider setting up a forwarding rule to aggregate admin notifications into a single monitored inbox. This lets you catch unauthorized changes.
Taking a few simple precautions will help lock down your admin email as the key to your WordPress site.
WordPress Admin Email FAQs
A few common questions when changing your WordPress admin email:
Does changing the admin email affect my username?
Nope, your WordPress username and admin email are separate. Changing your admin email does not reset or change your username.
What happens to the old admin email account?
The old email will no longer receive WordPress notifications after the change. But it stays associated with the original connected user account.
Do I need to re-verify site ownership after changing email?
Typically no, services like Google will detect the authorized email change. But it can help to request a re-verification if you notice issues.
Can I have multiple admin emails?
Yes, you can add more than one admin email to get notifications by setting up forwarding or using a plugin like WP Change Admin Email Pro.
Will changing the admin email disrupt my site?
Nope, changing only the admin email causes no disruption to your domain registration or site visitors.
Don‘t Get Locked Out: Update Your WordPress Admin Email
As WordPress site owners ourselves, we never want you to experience an admin email lockout.
By regularly changing and verifying your WordPress admin email, you can avoid some major headaches.
The good news is WordPress makes it easy to update your credentials right from the dashboard settings. Just be sure to complete email verification.
Alternative options like the WP Change Admin Email plugin or manual database edits are there if you ever get stuck.
Choose a professional custom email provider and take precautions like two-factor authentication for maximum security.
Your admin email is the ultimate key to your site. Treat it with care and change it periodically to thwart compromise attempts.
Here‘s to keeping your WordPress sites locked up tight! Let me know if you have any other questions.
