If the passwords for your WordPress sites are anything less than say, 15 characters, and/or they are the 6 digits of your birth-date, or it looks something like
p4ssword, then you need to find your nearest human and politely ask them to slap you. Twice.
You’ve clearly heard all the advice before now, but have ignored it.
If you have a strong, long password with a healthy mixture of all types of characters then you can stop here and move on to something more useful.
Otherwise, please keep reading.
Passwords are your weakest security link
Really? Don’t just take my word for it.
But it’s really hard to remember all my passwords if they’re different.
I can’t remember really long passwords.
If I have good server / site security against brute force attacks, passwords don’t really matter so much.
Why would anyone attack me?
The merits of the last one is something to cover in another dedicated article. It usually goes away after someone’s site has been hacked… such is human nature.
Otherwise, the points about having different, very long passwords for each and every service and website makes it nearly impossible to remember them all is completely fair.
You’re right, and you shouldn’t have to remember them.
Your WordPress websites deserve strong, unpredictable passwords from the outset. It’s a very easy to do and to maintain. With the right tools at hand, the effort is ZERO and your weak passwords are a thing of the past!
Tools for strong passwords for WordPress and other websites
I’ve been a long-time user and advocate of strong, unique passwords for all accounts I use online. Whether that’s a new service I sign-up for, or a WordPress site I manage… I create a brand new, unique, strong password.
My passwords are typically in the range of 20-40 characters and a mix of numbers, letters and punctuation. I can’t do this alone however.
I use a tool called LastPass – get it here.
LastPass has an add-on for all major web browsers and will help with generating new passwords and automatically filling in sign-up forms when you need to login.
It does a whole lot more, but this is really the basics that you need to start getting your security in order.
Here are some more huge advantages of using a password manager:
- no more forgetting login usernames for websites and web services
- option to generate very strong passwords for every site you use
- integrates with all major web browsers on major platforms
- option to store secure notes and other custom style security data
- phone apps (with premium purchase)
- the standard service is free!
To learn more about this, I found a YouTube video here to help introduce you to LastPass
For a review of a range of password managers, check out this link.
Integrating a password manager into your workflow is critical to your overall online security, and of course to your WordPress site security since it affords you the ability to have strong WordPress admin passwords.
Once you get an account set up with them, start and progressively work through your passwords and update them to something stronger, and unique. Relating to WordPress sites specifically, update:
- web hosting control panel passwords (e.g. cPanel, Plesk)
- web hosting account passwords (e.g. Hostgator)
- domain name registrar passwords (e.g. Godaddy)
- WordPress admin passwords
- your webmaster email passwords
You don’t have to do them all right now, but each time you login to a new account, create a new password and save the update in your password manager. Easy!