WordPress owns the market share of websites on the internet according to many studies done on top Content Management Software (CMS) solutions. One of the biggest reasons, and probably the best reason, for this is that WordPress is FREE! Another is that WordPress is open source, meaning that the code and files that go into WordPress are available to everyone under the GNU General Public License. WordPress itself is free but WordPress development services are not. There are many developers and contributors to WordPress which makes it so powerful but tricky to balance code quality. I will save this for another article…
One study by W3Techs shows WordPress powers 59.2% of the to 10 Million websites on the internet with the runner up being at 6.1%. WordPress is powerful, free and a HUGE target for hackers. See the results of this survey here.
One of the most common forms of attack on WordPress websites is what’s called a brute force attack. Essentially, hackers program robots to crawl the web and search for WordPress installations. Once found, the robot picks the most common username, “admin”, and begins to try every possible combination of password until it is cracked.
Tip: Never use the default username.
For WordPress it is “admin”.
It is also becoming standard practice for website accounts to use emails as the username so it is easier for users to remember. The robots will also try what they think would be a typical email username. For example, firstname.lastname@example.org or email@example.com. If the robot can guess your username it has solved half the puzzle right off the bat.
The other half of the puzzle is making it as difficult as possible for the supercomputers to crack. We are all well aware and somewhat annoyed with the password requirements that website require but it is very important. Recently a supercomputer was revealed that can run 350 billion different combinations per second! This computer can crack a 6-character password almost instantly.
Let’s do the math. Say you have a 6-character password consisting of just lowercase letters. There are 52 letter combinations for each character:
52 x 52 x 52 x 52 x 52 x 52 = 19,770,609,664 possible combinations
At 350 billion combinations per second a 6-character password would get shredded. This is exactly why websites have such strict requirements. Add uppercase, numbers and special characters to the mix and you end up with:
144 x 144 x 144 x 144 x 144 x 144 = 8,916,100,448,256 possible combinations
Using uppercase, lowercase, numbers and special characters is good but is still no match for the supercomputers. The real strength comes with using longer passwords. You can see from the pattern that a 25-character password would be a huge number of possibilities and would take many years to crack using a brute force attack.
I know what you are thinking. How am I supposed to remember a 25-character password? That is where the password manager comes into play. There are some great password managers out there but I use LastPass and I will be showing you some examples of how
LastPass will change your online life.
Say goodbye to spreadsheets and your old beat up password keeper notebook. Using a password manager such as LastPass you will only need to remember one password for all your online accounts. Upload all saved passwords from your browser automatically and start your security challenge. You may be surprised how vulnerable your accounts are…
Passwords that are compromised, weak, reused or old can be automatically changed using the LastPass password generator with one click.
- Store securely
- Autofill & Auto Login
- Multiple accounts at the same site
- Available on any device (Premium)
- Strong password generator
- Automatically saves login when new accounts are created
- Password audit
- Auto-Change Passwords
- Secure notes for offline pins, combos & passwords
- Share passwords securely
- Two-factor authentication
- Plugins for all browsers
- Apps for smartphones and tablets
- App fill
- Fingerprint support.
- Local encryption with most secure algorithms available
- Offline access
Using a password manager requires you to remember a single password. The trick is to make this password long enough to be secure but easy to remember. One way to do this is to use passphrases. Basically a passphrase is a combination of random words that are easy to remember. A good passphrase generator can be found at preshing.com but it is best if you think of your own. Feel free to use spaces as well. Remember, we are going for length which is the most secure.
When using passphrases:
- Do not use common sayings
- Do not use quotes (I’m not talking about the punctuation symbol)
- Do not use song lyrics
Below are some general tips from WordPress.com for all passwords:
- Don’t use the same password twice. If you reuse passwords from site to site, then someone who hacks into one site will be able to login to your account on other sites. LastPass will check all your accounts for duplicate passwords.
- Make sure your email password is also strong. With many online services like WordPress.com, your email address serves as your identification. If a malicious user gains access to your email, they can easily reset your passwords and login to your account.
- Don’t share your passwords. Even if you trust the person, it’s possible an attacker could intercept or eavesdrop on the transmission, or hack that person’s computer. Use the LastPass secure sharing feature to share passwords.
- Don’t send your password to anyone in an email. E-mails are rarely encrypted, which makes them relatively easy for attackers to read. Again, use the LastPass secure sharing feature to share passwords.
- Don’t save your passwords in a web browser. They often fail to store the passwords in a secure manner.
- Don’t save passwords or use “Remember Me” options on a public computer. If you do, then the next person to use the computer will be able to access your account. Also make sure you log out or close your browser when you are done.
- Don’t write down your password. If it’s written down somewhere and someone can find it, it’s not secure. Store passwords in LastPass instead, so that they’ll be encrypted. The exception to this rule is storing unrecoverable passwords (like the master password for LastPass, or your operating system account) in a secure manner. One good way to secure them is to keep it in a safe deposit box, or locked in a safe.
Don’t change your passwords, unless you suspect they’ve been compromised. As long as you have the type of strong password recommended in this article, changing it frequently will not do anything to minimize the risk of it being compromised. Because changing them can be a burden, it often tempts people to adopt bad practices in order to make the process easier, which increases their vulnerability to attacks. If you suspect someone has gained access to your account, though, then it’s always a good precaution to change your password.
That's it! Make sure to check out our other tutorials for more WordPress tips & tricks.
WEBDOC HOSTING | WORDPRESS Increasing Memory Allocated to Wordpress David Curtiss The WP_MEMORY_LIMIT option allows you to specify the maximum amount of memory that can be consumed by PHP. This setting may be necessary in the event you receive a message such as...
Learn how to create a transparent blurred overlay for a Divi section similar to the iPhone.
Want new articles before they get published?
Subscribe to our Awesome Newsletter.