WordPress Password Management - Blogging, Small Business, Web Design & Hosting Tips - A Small Orange

WordPress Password Management

Photo by Intel Free Press

No matter how many security measures you set up with your WordPress site, almost all of them are only as strong as the password—or passwords—you choose. Unless you’re truly a newbie to the ways of the web, you know that you don’t choose an obvious password—no Jackson 5-inspired “abc123” or the paranoid “trustno1”—and you don’t use even the best password on every site you visit.

While any password is at risk of being compromised, your WordPress passwords are particularly vulnerable. Someone who breaks into your account can then enlist your site in a broad-based attack, making it more valuable than your social network login. Here are a few tips to create and manage secure passwords:

Know what a strong password is, and use one

While everyone recommends that you create a strong password, not everyone knows what one is, and even fewer people use strong passwords in every instance. But choosing a strong password can keep you and your account safe.

A strong password is at least eight characters long (the longer the better), uses a mix of upper- and lower-case letters, and includes numbers and symbols, preferably in the middle. If you’re tempted to find work-arounds to make your password easy to remember (such as substituting a 3 for an E), consider creating a simple strong password (http://simplestrongpasswordgenerator.com/) that combines simple words into a memorable but secure password. Alternatively, you can go to sites such as SafePassWD, which will automatically generate random passwords that, while difficult to remember, are very secure.
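The two approaches described above (a random password that mixes character classes, and a passphrase built from simple words) can also be generated locally instead of on a website. The following is an added example, not code from the original post or from any of the sites it names; the function names, the symbol set and the short word list are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed sample list for illustration only; a real passphrase
# generator needs a list of several thousand words.
SAMPLE_WORDS = ["orange", "harbor", "pencil", "violet", "canyon", "marble",
                "rocket", "tundra", "willow", "copper", "lantern", "meadow",
                "puzzle", "saddle", "thunder", "walnut"]


def random_password(length=16):
    """Random password with upper, lower, digit and symbol, via the OS CSPRNG."""
    if length < 8:
        raise ValueError("the article's minimum is eight characters")
    while True:
        # Rejection sampling: redraw until every class is present, so all
        # qualifying passwords stay equally likely.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def passphrase(n_words=5, words=SAMPLE_WORDS, sep="-"):
    """Join n_words independently chosen words (repeats allowed)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Upper bound on entropy of `picks` uniform draws from `pool_size` items."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(len(ALPHABET), 16):.0f} bits")
    # The toy list gives only 4 bits per word; the figure shows why a
    # passphrase is only as strong as the size of the list it draws from.
    print(passphrase(), f"~{entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits (toy list)")
```

The entropy figure is what makes the two styles comparable: a passphrase needs a large word list and enough words to match the strength of a shorter random string.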

Use a different password for each account, and consider a password manager

If you’re running a number of WordPress sites, or have multiple accounts on the same site, or are just one of those people who have dozens of accounts to tend to, you probably can’t remember a strong password for each and every account. But a committed hacker can, after cracking just one of your accounts, worm their way into dozens of other accounts.

While most major browsers now have the capacity to save your passwords for you, if someone finds their way into your computer they can easily access all of your other passwords. Web-based password managers, like LastPass, are a better option. Desktop-based password managers, like the open source KeePass, are also good, though your access is more limited than with a web-based solution.

Help Your Users Create and Manage Their Passwords

While you can easily control how often you use and create your passwords, it’s more difficult to keep track of the users who are authorized to use your site. With Simple User Password Generator, you’ll create strong passwords for your users by default, and encourage them to maintain passwords that won’t make your system vulnerable.

Use Two-Step Authentication

While all of the above steps will help you maintain password security, the best way to protect your accounts is to adopt two-step authentication, which requires users logging in from a new computer or other device to confirm their identity by entering an automatically generated code that was sent to their smartphone or other device. (If you use Google’s version, you already know how it works.)

For WordPress, you can install the plugin WordPress 2-Step verification, which adds an extra level of protection to your account without adding too much trouble for your users.

Creating strong passwords and managing them well is critical for any secure WordPress site. Following these tips will make your site much safer without making it too difficult to access and use.


  • A great post not only for WordPress users but for ANYTHING that requires a password! LastPass is definitely good for the less tech-savvy crowd and has the advantage of working in all five major browsers along with Windows, Mac, Linux, and all the big smartphone platforms. I’m personally not big on storing my passwords in the cloud, plus remember when LastPass had a security breach. For those that also feel that way and don’t mind something that requires a little more work, I really like Password Gorilla that also works on Windows, Mac, and Linux (but not phones).

  • Dane

    Good post. It’s still amazing some of the passwords people still use. This is also a good generator: http://www.strongpasswordgenerator.org and for password management 1Password is also a popular choice.

  • Joel

    Thanks for pointing out that Simple Strong Password Generator site. I hadn’t seen that before.

    Another site I use is http://random.pw.

    I agree, sites like these help tremendously, both when you need a crazy strong password, and when you just need something that’s memorable (and still strong).