Weak passwords suggest weak security
As WordPress has rapidly evolved and been upgraded, hackers have kept looking for glitches and weak points in WordPress websites like yours.
Don’t let your password be your website’s weak spot
“It’s important to have strong passwords because 81 percent of hacking-related breaches are due to weak or stolen passwords, according to the 2018 Verizon Data Breach Report,” says Darren Guccione, CEO & Co-Founder of Keeper Security. “Passwords are the single easiest entry point you can protect.”
Password-cracking techniques have matured quickly and significantly in the past few decades, but the way we create our passwords hasn’t kept pace. Read through the following tips and double-check your own password. If you feel your password isn’t secure enough, we strongly recommend that you change it.
Security tips to help keep your website safe
- Never re-use a password; each account should have a different password.
- Do not use “admin” as your WordPress username.
- Never share your password with anyone else.
- You should have a long password (fewer than 12 characters is not considered safe).
- Your password should consist of numbers, symbols and both upper and lower case letters.
- Use two-factor authentication for your WordPress login.
- Do not use common passwords such as qwerty, 123456, 1111111, etc.
- Change your password every 120 days or so. Set yourself a reminder!
- Each person with access to your WordPress site should have their own login.
There are many different approaches to generating a strong password, but password managers and passphrases are the best.
Use a password manager
A password manager is a software application on your computer or mobile device that generates very strong passwords and stores them in a secure database. You can then install the browser extension for the password manager so you can easily autofill your login information.
You never have to worry about choosing a good password, remembering it, or typing it again. This is the easiest and most secure method available today, and we strongly recommend that you use it.
Our team uses RoboForm.
Don’t use the same passwords
Security breaches have become increasingly common, which is another reason to keep mixing it up when it comes to your passwords.
If you use the same email address and passwords for multiple websites that you log into, what happens when one of those websites gets hacked?
Your email address and password are now on a list that will be used to try to log into other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts!
Admin as a username is a big NO
The default username of a WordPress website is “admin”. Attackers know this and use it to try to access WordPress sites. One simple way to combat vulnerable logins is to not use default usernames.
Enforce and use only strong passwords
Require users to use only strong passwords, especially if your website has multiple users. While you may have a strong password, if someone else doesn’t, your website is still at risk.
The inbuilt password manager in WordPress can create a strong password combination for you, so take advantage of that function.
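One way to enforce the tips above on a multi-user site is a small must-use plugin. This is an added example, not WordPress core code or code from the original article; the function names, error codes and the short deny-list are assumptions made for illustration.

```php
<?php
/**
 * Added example: reject weak passwords and the "admin" username when a user
 * is created or a password is changed from the WordPress user/profile
 * screens. Function names and the deny-list below are hypothetical.
 */

// Constructed sample deny-list; a real deployment would load a larger list.
const EXAMPLE_COMMON_PASSWORDS = array( '123456', '1111111', 'qwerty', 'password' );

/** Return a list of problems; an empty array means the password passes. */
function example_password_problems( $password ) {
	$problems = array();
	if ( strlen( $password ) < 12 ) {
		$problems[] = 'Use at least 12 characters.';
	}
	$classes = array(
		'a lower case letter'  => '/[a-z]/',
		'an upper case letter' => '/[A-Z]/',
		'a number'             => '/[0-9]/',
		'a symbol'             => '/[^a-zA-Z0-9]/',
	);
	foreach ( $classes as $label => $pattern ) {
		if ( ! preg_match( $pattern, $password ) ) {
			$problems[] = "Include {$label}.";
		}
	}
	if ( in_array( strtolower( $password ), EXAMPLE_COMMON_PASSWORDS, true ) ) {
		$problems[] = 'This password is on the common-password list.';
	}
	return $problems;
}

// Fires on the profile and "Add New User" screens, before the user is saved.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	// user_login is only present here when a new user is being created.
	if ( ! $update && isset( $user->user_login ) && 'admin' === strtolower( $user->user_login ) ) {
		$errors->add( 'example_admin_username', 'Choose a username other than "admin".' );
	}
	// user_pass is only present when a password was submitted.
	if ( ! empty( $user->user_pass ) ) {
		foreach ( example_password_problems( $user->user_pass ) as $i => $problem ) {
			$errors->add( "example_weak_password_{$i}", $problem );
		}
	}
}, 10, 3 );
```

The password-reset form is a separate path (the `validate_password_reset` action) and is not covered by this hook.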
Change your password frequently
Changing your password regularly reduces your risk of exposure and avoids a number of dangers. A hacker may try to access your account more than once over a period of time. Changing your password reduces the risk that they will have frequent access.
If you lose or change computers, it is possible someone may gain access to your saved passwords. Consistently changing your password means that even if someone finds an old, saved password, it will no longer be useful.