On behalf of Password Day (Intel’s CSR), we thought it’ll be good to talk about ways to improve WordPress password security. And why one might ask? Well, if not for protecting your site from spam, you might want to secure yourself from hackers, right?
Having WordPress password security in place is one of the overall WordPress security questions – as we stated earlier – now we want to dig deeper into it. A strong password keeps your site safe and secure, protected from the cyber crimes. If not 100%, then pretty much close. Most often, it’s the first line of defense and the weakest link in the chain.
How to improve WordPress password security?
The most common way hackers try to hijack someone’s website is through stolen passwords, which are usually to easy to steal, to begin with. As often stated on various IT & Security conferences, the human factor is the reason websites get attacked and hijacked, to begin with. That is why we’re sharing these useful tips and specific do’s and don’t-s for you to follow.
WordPress password security do’s and don’t-s
- Don’t use revealing things, like your name, birthday, song lyrics, favorite bar or restaurant and similar. Those kind of things are very easy to discover, and you’ll be an easy target.
- Do use long, strong and unique passwords that are hard to guess, not like these. It’s best to use these kinds of combinations:
- Upper and lower case letters
- Numbers and symbols
- More than eight characters
- Don’t share your password with anyone and do not write it down. Remember it and protect is the same way you protect your PIN number.
- Do change your password on a regular basis. That way you prevent any unauthorized access and improve website security.
- Don’t use the password in several places, never. That’s what makes your site very vulnerable to attacks.
- Do use two-step authentication. WordPress.org has a great step-by-step explanation on how to do it properly.
- Don’t use „Remember me“ options on your computer, limit the ways your website can be attacked.
WordPress password security tools
In cases you find handling the password is hard, you can always use plugins and tools (password managers) made especially for that. Here’s just to name few we found reliable and useful.
Password managers keep your password safely stored in one place. With them, there’s no need to remember all of them and you manage all your passwords using only one – the master password.
Password manager that is fully encrypted. It remembers all your passwords and helps you login to sites with a single click. 1Password comes with five price options, for single, family and business use and you can try it free for 30 days. It is cross-platform as well as available for mobile devices, too.
Another password manager tool that remembers all the passwords for you. You can use it as a browser extension or as an app. Starts as a free feature, with various premium prices, too. Apart from all other features, LastPass has two-factor authentication, to further secure your site from attacks.
A free WordPress plugin that ensures you use strong passwords. Once it’s activated, it prevents the users of the website to change password into something that’s not strong enough. Cool little plugin that you should have, especially if you have a team of people on your site.
Now you know what’s needed to be done to secure your site from attacks. But… To have a secure WordPress password isn’t the only thing you should take care of. You should also take care of admin usernames, make them unique and different. Don’t just leave them as admin, which is usually the case, change them into something custom. Furthermore, you should change the Login URL and limit Login attempts. That way, you are preventing brute force attacks and keeping your site more secure. Also, make sure to always update WordPress, Themes, and Plugins and keep regular backups, just in case.
Might seems a lot, but you really want to ensure your site isn’t compromised in any way. Hopefully, we reminded you to do a checkup of your site, and maybe you learned something new. Either way, do share this article if you find it useful and let us know of any more ways to improve WordPress password security.