Hackers are smart. They are also persistent. They can afford to be because it’s bots doing the work. There are many, many things you can do to protect your WordPress website. But strong passwords are one of the easiest and most effective protections you can use.
For a deeper dive into your WordPress security options visit: WordPress Security – Is Your Site Secure.
How does this work?
Hackers have programmed their bots to look for WordPress sites. When they find one, they attempt to brute force their way into the Dashboard. Basically, they try common passwords over and over until they get in. There are lists of common passwords that are available to anyone who wants to find them.
What can you do?
WordPress no longer uses admin as the default username. If you have an older install your site may still be using admin. Bots will try this first. Don’t solve half the problem for them. Create a new admin user with an unusual username.
Then change the “Display name publicly as” to something other than the username. Finally, delete the old “admin” user.
Strong Passwords need to be, well, strong
What does this mean exactly?
At least twelve characters long. Fourteen characters are better. Use upper and lower case letters, numbers and symbols. Be sure the combination is random.
Password generators are very useful for this. There are any number on the internet but be careful. You want to be sure that the password generator isn’t a front for a hacker. It’s better to use password management tools. Here at Red8 we are split between 1Password and LastPass. They are both excellent. There are others but we’re familiar with these.
For example, I generated the following password using 1Password’s password generator: N+Nujm6m6+CFBY. It’s fourteen characters long, has numbers and symbols. According to How Secure is my Password it would take 2 billion years for a desktop PC to crack it.
But it doesn’t exactly roll off the tongue.
This is where the password managers come in. If you are like me, you have hundreds of logins to keep track of. Well, perhaps not hundreds. We build custom WordPress websites for our customers, which generates a lot of logins. But still, you have a lot to manage so use a tool like 1Password or LastPass. They work across platforms. They make it easy to manage passwords. Smartphone, desktop, tablet, you will have access to your login credentials regardless of the device you are using.
For a comprehensive review of password tools, you will find this post, How to Set Up a Strong Password, on the Cloudwards blog quite useful.
We know that this is hard. We have customers getting locked out of their websites every day because we insist on using strong passwords. Don’t let the inconvenience of strong passwords stop you from securing your website. It’s the easiest thing you can do. Use technology to help.