Password best practices

Nov 15, 2022 | Security

Securing your WordPress site starts with a strong password. A strong password is complex and elaborate. It isn’t easy to guess since it doesn’t contain recognizable words, names, dates or numbers. While we wouldn’t suggest picking a password containing less than 20 characters, we can certainly understand it can be hard to remember a random string of letters, numbers and special characters. But in general, the more characters and complexity, the better.

So we would suggest that you uphold the following guidelines when creating a strong password:

  • At least 20 characters (preferably more)
  • Use lowercase and uppercase
  • Containing numbers
  • Containing special characters such as a question or an exclamation mark

Example

A good password that upholds all of the guidelines above could be “As32!KoP43??@ZkI??L0d”.

Things you should absolutely avoid

Names or words that can be easily linked to you:

  • The name of your partner or kids
  • The name of your pet
  • The name of your company
  • The name of your favourite sports-team or car brand
  • The year in which you were born
  • Your birthday

All these items are personal (mostly public) information and thus possible risks for social engineering. So avoid these at all cost!

Example

If you’re name is John Rogers and you were born in 1976, “JohnRogers1976” would be a really bad idea for a password.

Generic password elements:

  • Number sequences like “123” or “54321”
  • Using generic words like “admin”, “administrator”, “pass”, “password”, “blue”, “house”…

These kind of elements are the first terms that are tried by hackers when attempting to brute force your password, so please avoid these too.

Example

Obviously, the password examples below are horrible passwords and NOT SECURE:

  • MattMullenweg2018
  • admin123

You should also avoid using the same password on multiple sites or accounts.

Keeping track of your passwords

Since complex passwords are a real necessity these days, it can be a real burden to remember every single password. And thus most people resort to using a password manager to keep track of their different passwords. These password managers actually become a vault for your passwords, secured by one complex master password. They also have functions to automatically (or on your command) enter the stored password for you. This way you only need to remember your one master password to access the password manager vault.

Popular password managers

  • 1Password
  • Dashlane
  • KeePass
  • LastPass
  • Roboform

Most password managers are a paid service, however if you’re looking for a free solution, you’d might want to check out KeePass.

Source – https://wordpress.org/support/article/password-best-practices/

Related posts

WordPress Security

WordPress Security has always been food for thought. Even though most of the latest updates deal with WordPress security issues, there is still a lot that can be done to improve that security. Here, I’d like to elaborate on some suggestions on how to improve security...

read more

Pin It on Pinterest

Share This