Having a secure WordPress password is the first step in securing your WordPress site. Some of us, me included fall into the trap of either choosing a very easy password to remember, or we still use the same password we used 20 years ago. Or, maybe even worse, choosing the same or similar passwords for all our logins: banking, Wi-Fi, network and our website.
I was chatting to an old friend who took over my IT administration position well over 2 decades ago, and we both were using the same or very similar passwords based on an administrator login we used then, the scariest thing is we used this same password across multiple platforms so we were both at risk.
But let’s get back to WordPress, regardless of what you may have read at its core, WordPress is very secure. Most problems arise from insecure or badly written themes and plugins, bad file or folder, security on the server or very easy passwords. I will be focusing on passwords for this blog entry.
I have seen WordPress password like ‘12345678’, ‘password’, ‘login’ and many other very easy passwords. These are the passwords for sites that have been hacked and we have been asked to get them live again. So unless you are President Skroob of the Planet Drudia where ‘12345’ is an acceptable password. Just don’t do it.
WordPress has made it a lot easier with creating very complex passwords on the new installs, they follow the CLU rules: Complex, Long and Unique. But this same rule should apply to all the passwords you use.
Example of Bad Passwords:
Examples of good passwords:
As you can see the long the better, it should contain uppercase, lowercase, numbers and symbols these types of passwords are almost impossible to hack. Also passwords should be changed regularly maybe once a month or even once a quarter. It is just so easy to become complacent about passwords.
So if you think your password is a bit insecure go change it. You can go change your password or any user’s password in WordPress by going to theme menu on the left of the WordPress Desktop: Users -> All Users.
Here you will see all the users that have access to your WordPress site. Open the user account and navigate down the page to the Account Management and click the Generate new password on new WordPress installs this password will be very long and complex on older installs you may have to enter one manually.
Passwords are one of your first lines of defense against a hack and making them complex and changing them now can only help. It is also one of many tools you can use to protect your WordPress website.