Continuing our series on security tips for WordPress users, in this article I will show you strong password ideas to protect your website against hackers.

A weak password is one of the reasons your website is vulnerable to hackers. The most effective password cracking method has been shown to be capable of making up to 350 billion guesses per second, and there’s no doubt that this figure will increase dramatically in the coming years. Clearly, a password that is not strong enough cannot withstand current cracking techniques. Once hackers break into your WordPress site, they take control of it, and who knows what they will do with it.

1. Store passwords in a Password Manager

A password manager is an application that helps you generate strong passwords and store them in a secure place. You only need to remember the master password to log in to your account in the password manager. Using a password manager is very convenient, since you don’t have to remember the passwords but can still secure your sites. I myself use this method to protect my sites, so I strongly recommend you try it.

A password manager is simple to use.

  1. Choose one application you like. I prefer LastPass.
  2. Install it on your computer.
  3. Install the corresponding extension for the browser you use.
  4. Create your account in the application.

Now you have your application set up. The next step is adding the sites you want the password manager to remember.

  1. Add the website URL, fill in the username, and generate a password.

Impossible to remember this password!!!

Don’t worry, the application will remember this difficult password for you. The next time you want to access these sites, just open your password vault on the computer and click on the site you want to go to, and it will automatically fill in the username and password fields for you. The steps are similar in the web browser: type the website URL and click login, since your username and password are already filled in.

2. Create Passphrases (Instead of Passwords)

A passphrase is a random collection of words, which makes it a “phrase”. A passphrase is considered a secure method for your website. It is longer than a simple traditional password, and is easier to remember since you can make it up on your own. Though passphrases are not as secure as the passwords generated in method 1, they are still a good option in case you don’t want to install a password manager.

Creating a passphrase is quite easy. First think of some random words whose meanings do not relate to each other, then add other characters such as symbols, numbers, and capital letters. Your passphrase can be something like: home* Complicated?! Sensible 25 Firm & random 3#.
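The passphrase recipe above, as an added Python example that is not part of the original article: it picks the words with a cryptographically secure random source instead of by hand, and estimates how long each kind of secret lasts at the 350 billion guesses per second quoted earlier. The word list and symbol set are constructed samples, the function names are illustrative, and the estimate assumes the attacker knows the scheme and the word list.

```python
import math
import secrets

GUESSES_PER_SECOND = 350e9  # cracking rate quoted in the article
SYMBOLS = "!#$%&*?@"        # constructed symbol set (8 symbols)
# Constructed sample list; use a list of thousands of words in practice.
WORDS = ["home", "sensible", "firm", "random", "copper", "violin", "harbor",
         "pickle", "lantern", "orbit", "meadow", "tunnel", "walnut", "glacier",
         "ribbon", "anchor"]


def generate_passphrase(words=WORDS, count=5):
    """Pick words with a CSPRNG, capitalise one, append two digits and a symbol."""
    picked = [secrets.choice(words) for _ in range(count)]
    i = secrets.randbelow(count)
    picked[i] = picked[i].capitalize()
    suffix = f"{secrets.randbelow(100):02d}{secrets.choice(SYMBOLS)}"
    return " ".join(picked + [suffix])


def passphrase_bits(wordlist_size, count=5):
    """Entropy in bits when the attacker knows the scheme and the word list."""
    return (count * math.log2(wordlist_size)  # word choices
            + math.log2(count)                # which word is capitalised
            + math.log2(100)                  # two digits
            + math.log2(len(SYMBOLS)))        # one symbol


def password_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random character password."""
    return length * math.log2(alphabet_size)


def seconds_to_crack(bits, rate=GUESSES_PER_SECOND):
    """Average time to find the secret: half the keyspace at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate


if __name__ == "__main__":
    print(generate_passphrase())
    year = 365 * 24 * 3600
    for label, bits in [("8 random lowercase letters", password_bits(26, 8)),
                        ("5 words from this 16-word sample", passphrase_bits(len(WORDS))),
                        ("5 words from a 7776-word list", passphrase_bits(7776)),
                        ("20 random printable characters", password_bits(94, 20))]:
        print(f"{label}: {bits:.1f} bits, {seconds_to_crack(bits) / year:.3g} years")
```

With only the 16 sample words the passphrase is weaker than an 8-letter random password; the strength comes from the size of the list the words are drawn from and from letting the program, not a person, choose them.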

3. Use Two-step Authentication

This method uses two steps to access your WordPress site. The first step is typing your password; the second is entering the digit code sent to your phone. One code is valid for only one login session. If you often make online transactions with Internet banking, you’ll be familiar with this method: an OTP (one time passcode) is issued per transaction session and is sent to your phone.

Two-step authentication is even more secure than a strong password, as it requires 2 layers of security for your WP site. Even when your password is correctly guessed, hackers cannot take control of your site unless your phone is stolen! There are a number of two-step authentication plugins for you to choose from. One of the popular plugins is Two-Factor Authentication.

You can log in using username + password + two-factor

…or username + two-factor

Then, enter your OTP. Besides OTP over SMS, 15+ authentication methods are supported.

4. Force other users to use strong passwords

In WordPress, besides Admin, other users whose roles are Editor or Author can log in to your site and make changes to the content. If these users use weak passwords, your site security is in danger. Not only you but also other users should be required to use strong passwords.

You can use the Force Strong Password plugin to enforce strong passwords when users with the roles Admin, Author, and Editor attempt to change their password.

Creating a strong password is not difficult at all, and it can keep your site one step safer from website attacks. If your current password is not strong enough, consider updating it now.

This article is part of the series introducing basic security tips for WordPress websites.

  1. Change WordPress admin username
  2. Secure site with strong password ideas
  3. Limit login attempts
  4. Choose a quality host following web hosting security concerns
  5. Use the latest version of WordPress
  6. Use WordPress backup plugins

My Dang,
Editor of EngineThemes

