Generate a strong password: WordPress is the most common website building tool in the world, powering over 60 million websites. As a result, WordPress is not only gaining website developers’ interest, but also hackers’ attention. Reportedly, every minute of a day, over 90000 hack attempts are made on WordPress websites. Many of these hack attempts are made on the login page of WordPress, which is the site’s portal. Hackers will instal backdoors once they are inside, send spam emails, steal private information, and other items.
There are two fields on the WordPress username page (as you can see in the image below). There is a username field and a login field. We taught you how to build a powerful and special username in a previous post. In this one, we’ll tell you how to create a good WordPress site password.
Hack attempts such as Attacks by Dictionary and Brute Force are automated. Although bots attempt to break a password in any distinct combination of characters in Brute Force attacks, bots running dictionary attacks enter a list of widely used passwords to see whether a match occurs. Using a password that is weak or easy to guess (like p@ssw0rd or dummypass123) is as good as handing the hackers their password. Therefore, these passwords are easy to remember and very common. Hacker bots are programmed to test out certain common passwords when targeting your site. That’s why having a strong password is critical.
One study states that brute force and dictionary assaults on WordPress login pages alone have risen by 400 percent in the last year. This means that either brute force hacks are easier to execute (compared to other hack attacks) or with this style of attacks, hackers are experiencing improved performance.
Most website owners are not aware of the threat that their website presents to the hacker world. There is a common notion that hackers are only attacking massive websites. Although these days, hackers often attack many small websites because small sites are security-conscious and thus easier to break into. There is nothing worth going for on your website, you would imagine, but hackers have discovered lots of ways to use a website these days.
Another explanation that many owners of WordPress pages do not use solid passwords is that they are difficult to recall. Try a password such as ‘pd&&)xG56ZhLNrjl4jjNJ4#h’ to recall. This is a password developed on one of our test sites by WordPress for a user account we created.
But the issue facing website owners like yourself is that a simple password is crackable, but it’s difficult to recall a hard one. It’s worth noting here, too, that not all passwords that are tough to recall are impossible to break. ‘xkcd’ reveals in a common comic strip how certain passwords can be difficult for humans to recall, but easy for bots to crack.
This is precisely why we have agreed to write a post about how to create a secure password for your website.
How to Generate Strong Password for Your WordPress Site?
It can be a little difficult to create a good password. When making one, you need to keep a lot of points in mind.
Create Long Passwords
It’s made better with any character that you add to your password. Creating a password that exceeds 8-10 characters is a common rule of thumb. But the computing capacity of hacker bots has improved with time and technical development. That is why many security professionals today suggest passphrases. A passphrase is longer than a password and includes between-word gaps. Passphrases (albeit lengthy) are easy to recall, unlike long passwords. Look at the below example:
Long password: pd&&)xG56ZhLNrjl4jjNJ4#h (Hard to remember)
Long passphrase: It’s wolf was white as you know nothing John Snow (Easy to remember)
The value of using a passphrase is clear, but the issue is that not all login pages allow passwords to be that long or have gaps between words.
Use Uncommon Words
The more generic terms you use, the quicker it is to break your password for bots. As per SplashData analysis, let’s take a look at common terms used in passwords. This will give us an understanding of what popular phrases to avoid.
Numbers in order like ‘12345’ or ‘1234567890′. In the report by SplashData, 7 out of the top 15 worst passwords are numbers in order.
Letters in order like ‘abc123’ and even words like ‘qwerty’, ‘princess’ are some of the most commonly used passwords.
Popular interest-based passwords are increasingly used by website operators, such as ‘football’ and ‘baseball’. And Star Wars-related passwords are being used, such as ‘solo’ and ‘starwars’.
In the earlier point, we spoke about passphrase and it is worth noting here that it becomes easy to crack by Dictionary attack bots if you are using common terms in passphrases. Therefore, when creating a good password, you clearly avoid common terms.
Don’t Use Publicly Known Details
Suppose your name is Ruby, and you have built an author profile on a blog that uses the same name. This implies that with Ruby, you can have an author URL (look at the picture below). It’s a detail which is publicly available. It’s smart not to use the login password for that name. Since it is understood that hackers look up public information of people on websites to try to guess their passwords.
Details that are widely available should not be as intimate as a name. It could be something in which you are involved. Say you’re running a blog about Coldplay, your favourite rock band. We would recommend that you should not use the Coldplay term in your password.
Use a Combination of Uppercase, Lowercase and Special Characters
Hacker bots are programmed to add formulas to guess a site’s right password. Here’s one general formula used for password cracking:
(characters of a certain type in the password) number of characters of that type
(characters of a different type in the password) number of characters of that type
Bots are conscious that a particular character belongs to a certain set. They know that ‘a’ is a character in lowercase and belongs to a set of 26 alphabets in lowercase. They also realise that ‘A’ is a character in the upper case and belongs to a set of 26 alphabets in the upper case.
Bots are able to test out a few million codes per second, with a variety of such formulas in place. Therefore, it is possible that bots would take less than a second to crack your WordPress login credential if you have a basic password such as ‘password123.’ Using a mixture of upper, lowercase and special characters to create a solid password, which will annoy the bot so a pattern will not be detected. It will move on to the next goal and it will be secure for your web.
Now that we know how to create a good password, let’s see how to properly treat it.
How to Manage Strong Passwords?
Earlier, we spoke about how it can be hard to recall good passwords, or even impossible to remember. And that is why it’s necessary to save passwords. We’ll be looking at the various ways you can store passwords in the following paragraphs.
Write it Down
Write down on a slip of paper the secret. That way, unless hackers know your address and get into your building, they can’t steal it. That being said, writing down a password comes with threats of its own. It can also be robbed, or it can actually be lost to you. You will lose any single password that you have saved in it if you misplace the paper. Yes, you might have a backup document, but it would be a tragedy if the document falls into the wrong hands. In instances like this, changing all certificates is the only path forward.
Store it in a Password Protected File
Holding it on a removable storage unit, such as a hard disc or USB drive or a personal computer, is another way to store your password. You should make sure that the folder or the files themselves are secured by a password. It’s less likely that such a file would be misplaced or read by someone else. But the only catch is, you can lose the file-protecting password. If your computer (computer or USB or hard drive) is compromised, the files where the password is stored may become unreadable or, worst, may not be restored.
Use Password Manager
Using a password manager, you can use apps or a programme to save all the passwords in one location. It saves the password in an encrypted way on a cloud or local device. There are three types of manager with passwords. One in which a protection product provides the manager as a bonus feature. Two, a manager that saves the cloud credentials and provides services such as auto-filling forms. And a standalone password manager is the third one.
Although the use of a password manager has many benefits, there are also a few pitfalls. Hackers will attack servers where the password is saved by a password manager. LastPass, a common password manager, was hacked not once but twice back in 2016, as a case in point. Fortunately, white hat hackers got the act off, and no damage was done. To have access to files where the password is stored, often password managers use a ‘master password’. Therefore, you lose all your passwords if you lose your master password. And to retrieve your master password, there is no ‘Forgot my password’ option.
Towards You Over
Your first line of protection against hackers is a good password and username. But a reasonable way to maintain WordPress stability is to provide a range of defensive measures in place. Take a look at our guide on two-factor authentication, HTTP authentication, and switching the site from HTTP to HTTPS.