WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.
In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.
Because of its increasing popularity, WordPress powered platforms are normally targeted by malicious hacking attacks and other types of security vulnerabilities.
In early 2016, Wordfence, a site providing security plugin for WordPress users, reported over 6 million password attacks targeting over 72,000 individual sites within a 16-hour period.
And, what’s the most vulnerable point in the security of any WordPress site?
Yes, you are right, it’s the P A S S W O R D.
If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.
Currently, with the modern advancement in technology, password-cracking techniques have equally become better. Some passwords could be very easy for a computer to break and strenuous for a person to keep in memory or type.
One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.
So, creating unbreakable passwords is key to maintaining the security of your blog.
Here are some useful tips.
- Keep away from the world’s worst passwords
In the current digital age, having a password to access your online accounts is simply indispensable.
SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.
If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.
Here is a list of the 25 commonly used passwords:
- Use a unique and creative password for your WordPress site
Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.
Regurgitating your passwords is a risky affair you should avoid as plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.
Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force“; that is, try out different dictionary words and other common phrases to break the passwords.
Furthermore, to be unique, you can avoid using a password that’s related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.
For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).
To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.
For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.
Here is how you can substitute some of the alphabets:
o= 0 (zero)
Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.
As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.
The reason why “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it seems to be strong) is because it’s based on a sequential pattern of the initial two column keys on a standard computer keyboard.
So, better be safe than sorry and inject uniqueness and some creativity into your passwords.
- Do not fall prey of “phishing” attacks
If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.
Before clicking on any links, ensure that the source is legitimate or you may fall a victim of a “phishing” attack.
If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.
- Consider using WordPress security plugins
It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts only with a strong verified password.
These plugins will incorporate an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending you a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual log in details.
As the name suggests, this innovative plugin will restrict the number of times a user can enter a password to gain access to a site. Therefore, someone trying to use a brute force attack to compromise your site has fewer chances.
With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.
- Length of password is key
The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. It’s recommended to have passwords of at least 8 characters long. A good way to have longer passwords is to use passphrases.
Passphrases are just like passwords apart from being constructed from an unsystematic mixture of words, instead of just a single word. For example, press demonstrate blog million.
To create a passphrase, simply select a list of random numbers or use the free password creator tool. Thereafter, you can add some extra layer of robustness by a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern and including easily identifiable phrases.
Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.
You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.
Because of the innovative capabilities of the password managers, it will not be necessary to remember your lengthy passwords every time you want to login into your site.
Click here for a list of the best passwords managers you can consider using.
- Keep your backup password options secure and up-to-date
Since WordPress.com uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.
Failure to keep the details of your email address up-to-date and secure could make an attacker to easily reset your passwords and login to your WordPress site.
Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.
When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.
This way, the possibility of your account going into the wrong hands is greatly reduced.
- Be proactive
- After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
- Change your WordPress login details as frequently as possible. Using “Admin” as username and the name of your site as the password without frequently making improvements could land you into the land controlled by hackers.
- Do not dish your passwords to anyone, even your “close” friends. You may never know how much they are concerned about the security of your site.
- If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through emails, which are rarely encrypted, the bad guys could get old of them.
- When on a public computer, avoid saving your passwords or using the “Remember Me” feature, Further, watch out for people trying to look at your screen over your shoulder and remember to log out or close down your computer after you have finished your work.
Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.
Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.
Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.