No matter how many security measures you set up with your WordPress site, almost all of them are only as strong as the password—or passwords—you choose. Unless you’re truly a newbie to the ways of the web, you know that you don’t choose an obvious password—no Jackson 5-inspired “abc123” or the paranoid “trustno1”—and you don’t use even the best password on every site you visit.
While any password is at risk of being compromised, your WordPress passwords are particularly vulnerable. Someone who breaks into your account can then enlist your site in a broad-based attack, making it more valuable than your social network login. Here are a few tips to create and manage secure passwords:
Know what a strong password is, and use one
While everyone recommends that you create a strong password, not everyone knows what one is, and even fewer people use strong passwords in every instance. But choosing a strong password can keep you and your account safe.
A strong password is at least eight characters long (the longer the better), uses a mix of upper- and lower-case letters, and includes numbers and symbols, preferably in the middle. If you’re tempted to find work-arounds to make your password easy to remember (such as substituting a 3 for an E), consider creating a simple strong password (http://simplestrongpasswordgenerator.com/) that combines simple words into a memorable but secure password. Alternatively, you can go to sites such as SafePassWD, which will automatically generate random passwords that, while difficult to remember, are very secure.
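The two approaches described above (a random password that meets the article's rules, and a passphrase built from simple words) can be sketched as follows. This is an added example, not code from the article or from the generator sites it mentions; the symbol set, the short word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set, adjust to what your site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed sample list; a real word list should hold thousands of words.
WORDS = ["amber", "bridge", "candle", "drift", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "meadow",
         "nickel", "orchid", "pepper"]


def meets_article_rules(password):
    """Check the article's definition: 8+ chars, both cases, digit, symbol."""
    return (len(password) >= 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in SYMBOLS for c in password))


def random_password(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < 8:
        raise ValueError("the article's minimum is eight characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_article_rules(candidate):
            return candidate


def passphrase(n_words=4, separator="-", words=WORDS):
    """Join randomly chosen simple words into a memorable passphrase."""
    return separator.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Upper bound on guessing entropy for `picks` uniform random draws."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(len(ALPHABET), 16):.0f} bits")
    print(passphrase(), f"~{entropy_bits(len(WORDS), 4):.0f} bits (tiny list)")
```

The entropy figures show why the word list matters: four words from this 16-word sample give only about 16 bits, while four words from a 7,776-word list give about 52 bits and a 16-character random password gives about 100.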
Use a different password for each account, and consider a password manager
If you’re running a number of WordPress sites, or have multiple accounts on the same site, or are just one of those people who have dozens of accounts to tend to, you probably can’t remember a strong password for each and every account. But if you reuse the same password, a committed hacker can, after cracking just one of your accounts, worm their way into dozens of other accounts.
While most major browsers now have the capacity to save your passwords for you, if someone finds their way into your computer they can easily access all of your other passwords. Web-based password managers, like LastPass, are a better option. Desktop-based password managers, like the open source KeePass, are also good, though your access is more limited than with a web-based solution.
Help Your Users Create and Manage Their Passwords
While you can easily control how often you use and create your passwords, it’s more difficult to keep track of the users who are authorized to use your site. With Simple User Password Generator, you’ll create strong passwords for your users by default, and encourage them to maintain passwords that won’t make your system vulnerable.
Use Two-Step Authentication
While all of the above steps will help you maintain password security, the best way to protect your accounts is to adopt two-step authentication, which requires users logging in from a new computer or other device to confirm their identity by entering an automatically generated code that was sent to their smart phone or other device. (If you use Google’s version, you already know how it works.)
For WordPress, you can install the plugin WordPress 2-Step verification, which adds an extra level of protection to your account without adding too much trouble for your users.
Creating strong passwords and managing them well is critical for any secure WordPress site. Following these tips will make your site much safer without making it too difficult to access and use.