Hackers are smart. They are also persistent. They can afford to be because it’s bots doing the work. There are many, many things you can do to protect your WordPress website. But a strong password is one of the easiest and most effective protections you can use.
For a deeper dive into your WordPress security options, visit: WordPress Security – Is Your Site Secure.
How does this work? How do I protect my website?
Hackers have programmed their bots to look for WordPress sites. When they find one, they attempt to brute force their way into the Dashboard. Basically, they try common passwords over and over until they get in. There are lists of common passwords that are available to anyone who wants to find them.
What can you do?
WordPress no longer uses admin as the default username. If you have an older install, your website may still be using admin. Bots will try this first. Don’t solve half the problem for them. Create a new admin user with an unusual username.
Then change the “Display name publicly as” to something other than the username. Finally, delete the old “admin” user.
Strong Passwords need to be, well, strong
What does this mean exactly?
At least twelve characters long. Fourteen characters are better. Use upper and lower case letters, numbers and symbols. Be sure the combination is random.
Password generators are useful for this. There are any number of them on the internet, but be careful. You want to be sure that the password generator isn’t a front for a hacker. It’s better to use password management tools. Here at Red8 we are split between 1Password and LastPass. They are both excellent. There are others, but we’re familiar with these.
For example, I generated the following password using 1Password’s password generator: N+Nujm6m6+CFBY. It’s fourteen characters long and has numbers and symbols. According to How Secure is my Password, it would take 2 billion years for a desktop PC to crack it.
But it doesn’t exactly roll off the tongue.
This is where the password managers come in. We build custom WordPress websites for our customers, which generates a lot of logins. If you have a lot of passwords to manage, use a tool like 1Password or LastPass, and it won’t be hard. They work across platforms. They make it easy to manage passwords. Smartphone, desktop, tablet, you will have access to your login credentials regardless of the device you are using.
For a comprehensive review of password tools, you will find this post, How to Set Up a Strong Password, on the Cloudwards blog quite useful.
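The criteria above (at least twelve characters, all four character types, random) can be met without trusting an unknown website. The following is an added example, not part of the original post or of any tool it names: it generates a password locally from the operating system's random source and checks a candidate against those criteria. The function names and the short common-password sample are assumptions made for illustration.

```python
import math
import secrets
import string

# Character types named in the article: upper case, lower case, numbers, symbols.
NAMES = ("upper case", "lower case", "number", "symbol")
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# Constructed sample; a real check would load a full common-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "admin", "welcome1"}


def generate(length=14):
    """Return a random password containing every character type."""
    if length < 12:
        raise ValueError("the article's minimum is twelve characters")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps accepted passwords uniformly distributed.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def problems(password):
    """List how a password misses the article's criteria (empty list = passes)."""
    found = []
    if len(password) < 12:
        found.append("shorter than twelve characters")
    for name, cls in zip(NAMES, CLASSES):
        if not any(c in cls for c in password):
            found.append("no " + name)
    if password.lower() in COMMON:
        found.append("on the common-password list")
    return found


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound in bits for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate()
    print(pw, problems(pw), round(entropy_bits(len(pw)), 1))
```

The entropy figure only applies to passwords drawn at random like this; a human-chosen password of the same length and character mix can pass `problems` and still be far easier to guess.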
Protect my Website – Conclusion
We know that this is hard. We have customers getting locked out of their websites every day because we insist on using strong passwords. Don’t let the inconvenience of strong passwords stop you from protecting your website. It’s the easiest thing you can do. Use technology to help.