Symen

The usual security advice with unraid is "don't expose your unraid server to the internet." There was a huge security flaw in the web UI some versions ago (< 6.8.1 according to a quick google search, don't quote me on that), and the devs said something along the line of "Yeah we fixed it but unraid is an appliance so it's ok"... The worst part is not that there is a default "root" user, but everything runs under root. If there is a security issue with any of the programs running on your unraid machine, full acces for the attacker. In short, use a vpn server to access your local network. With that said, if your root user has a strong-enough password, brute-forcing is not an attack vector at all. Changing the root username is just security by obscurity, which doesn't work if someone really wants to hack you.

The "root" login will always be tried by bots when they find an ssh daemon. I had tons of failed logins to my server (not unraid) before I finally switched to a vpn configuration. I would strongly recommend you have a look at it if you want to access your server from outside your local network, it's pretty easy to setup.