WordPress Passwords and Security
I maintain many WordPress-powered web sites and keep a reasonably regular routine of ‘under the hood’ oversight. I make sure that software and plugins are up-to-date and that security is as good as it can be while keeping a smoothly running site.
For good security (and peace of mind) a strong user password is essential.
A good password is hard for unauthorised users to guess and makes it hard for a malicious attack to succeed. Automated brute-force attacks on a web site can be relentless. Recently I experienced in excess of 1,000 attempts to break into my own web site in a single day.
The results of a successful attack are bad for everyone. Your site may become a platform for spammers, content can be compromised and, once inserted, damaging code can be very difficult and time-consuming to remove. Inserted code could affect everything on your host server and your web host may even shut your site down.
What to do?
WordPress now has a password strength meter to help you select a password that will better secure access to your site.
Common weaknesses are avoidable:
- Don’t use any permutations that relate to your own real name, initials, username, business name or the name of your web site.
- Try not to use a word of any language that can be found in a dictionary.
- Do make it long.
- Do mix numbers and words.
If you are still uncertain:
- Consider using an automatic password generator.
- Consider enabling ‘two-step authentication’ for additional security.
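The checklist above can be turned into a small script. This is an added example, not part of the original post and not WordPress's own strength meter: it tests a candidate password against the four listed weaknesses and generates a random password from the operating system's secure random source. The 16-character minimum, the tiny sample word list and the function names are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine", "monkey", "garden"}
MIN_LENGTH = 16  # assumption: the post only says "make it long"
LEET = str.maketrans("013457@$!", "oieastasi")  # common look-alike swaps


def normalise(text):
    """Lower-case, undo common digit/symbol substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def weaknesses(password, identifiers, words=SAMPLE_WORDS):
    """Return the weaknesses from the checklist that apply to `password`."""
    found = []
    flat = normalise(password)
    # Real name, initials, username, business name, site name (forwards or reversed).
    tokens = {t for i in identifiers for t in re.findall(r"[a-z]{3,}", i.lower())}
    for token in sorted(tokens):
        if token in flat or token[::-1] in flat:
            found.append(f"contains personal or site name '{token}'")
    for word in sorted(words):
        if word in flat:
            found.append(f"contains dictionary word '{word}'")
    if len(password) < MIN_LENGTH:
        found.append(f"shorter than {MIN_LENGTH} characters")
    if not (re.search(r"\d", password) and re.search(r"[A-Za-z]", password)):
        found.append("does not mix numbers and letters")
    return found


def generate(length=20):
    """Draw from the OS CSPRNG until the result mixes digits and letters."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isdigit() for c in candidate) and any(c.isalpha() for c in candidate):
            return candidate


if __name__ == "__main__":
    ids = ["jane", "Jane Smith", "smithsgarden.example"]  # constructed identifiers
    for pw in ("Sm1th2024", "Sunshine4ever!", generate()):
        print(pw, "->", weaknesses(pw, ids) or "no listed weakness found")
```

The look-alike substitution step is why a password such as `Sm1th2024` is still reported as containing the name "smith".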