Password cracking is a common practice malicious hackers (aka crackers) use to break into WordPress blogs.
They use password cracking scripts that repeatedly try to guess your password. Once their nasty script is successful, they gain unauthorized access to your WordPress administrative Dashboard and wreak havoc on your website.
Many times, they create new admin user accounts, add malware that infects your visitors' computers, wipe out your content, and/or deface it.
There are known website crackers that boast about hacking a minimum of 20,000 websites a day, on average. It’s time for you to step up your WordPress security and protect your blog!
In order to help reduce the risk of malicious hackers breaking into your WordPress blog, use strong passwords for all admins, contributors, authors and editors of your site.
How to generate a strong password for WordPress:
- Minimum of 14 characters, no less.
- Use a combination of upper and lower case letters, numbers and symbols such as ! ” ? $ % ^ & ).
- Passwords should not contain words in the dictionary, names or your website name. Use something you can’t remember!
- Use a strong password generator such as http://strongpasswordgenerator.com or use a password manager tool that has one built in (see below).
- Don’t use the same password twice anywhere you log in online, including your FTP, cPanel, wp-admin, database, email, Twitter, Facebook, etc.
- Change your passwords often: monthly or quarterly.
- Keep it a secret. Don’t share your passwords with people you don’t trust.
- Don’t save your passwords on your computer. Use an external hard drive, flash drive, or a password manager (see below).
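The rules above as an added example (not part of the original post): a Python sketch that generates a password with the operating system's secure random source and checks any candidate against the length, character-class and banned-word rules. The function names, the default length of 20 and the `myblog` banned word are assumptions made for illustration; the symbol set is the one listed above.

```python
import math
import secrets
import string

# Symbol set from the list above; MIN_LENGTH is the post's 14-character minimum.
SYMBOLS = '!"?$%^&)'
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
MIN_LENGTH = 14


def generate_password(length=20):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def policy_violations(password, banned_words=()):
    """List which of the rules above a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    names = ["upper-case letter", "lower-case letter", "number", "symbol"]
    for name, chars in zip(names, CLASSES):
        if not any(ch in chars for ch in password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    for word in banned_words:  # e.g. site name, user names, dictionary words
        if word and word.lower() in lowered:
            problems.append(f"contains banned word {word!r}")
    return problems


def entropy_bits(length):
    """Approximate upper bound on entropy for a random password of this length."""
    return length * math.log2(len("".join(CLASSES)))


if __name__ == "__main__":
    pw = generate_password(20)  # "myblog" below is a constructed sample site name
    print(pw, policy_violations(pw, banned_words=["myblog"]), round(entropy_bits(20)))
```

Pass your own site name, user names and any word list you have as `banned_words` when checking a password you typed yourself.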
How to store your strong passwords for WordPress:
Since saving your passwords on your computer is a security risk, my suggestion is to use a password manager tool such as LastPass or RoboForm. Both of these services offer a built-in strong password generator that is quick and easy to use.
LastPass is free, easy to use and secure. All of your data is encrypted (AES-256) and only you can unlock it using your Master Password. Plus, you can use it from anywhere. They also have a premium version for only $1 a month.
*RoboForm has a free trial and charges around $19.95 a year. It uses strong encryption (AES, Blowfish, RC6, 3-DES, 1-DES) and is used by Fortune 500 companies and the US government.
I have been using the free version of LastPass for about 6 months and love it.
Leave Your Feedback
If you have any other suggestions for our readers on how to use strong passwords or store them, please leave your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
*Denotes our affiliate link, see our Disclosure.
AKamleiter says
I prefer Keepass to store my passwords, but I will have a look at your suggestions.
Regina Smola says
Hi AKamlieter,
Thanks for your suggestion. I know several people that use KeyPass as well. I have not tried it yet. How do you like it?
Doug DePrenger says
I have used Keepass for over a year. It is great! You can install it or run it from a USB drive (I prefer this). It has a master password. Much more on their site. Oh, and it is free.
chris says
Thanks again, Regina. Been using LastPass the last couple of days and it’s brilliant.
Erika Jones says
Wonderful tips! I’ll be sure to share this with my tweeps! This is must needed information. 🙂
Regina Smola says
Hi Erika,
Thanks for your comment and spreading the word.
~ Regina
Keith Davis says
Hi Regina
Thanks for an informative and useful post.
Think I’ll go with the LastPass premium – can probably manage $1 a month!
I know that I’m late to the party, but you say… “Minimum of 14 characters, no less.”
Would you recommend more than 14 on an admin WordPress password?
Regina Smola says
Hi Keith,
For passwords, something unique, long, and strong. Sometimes I use 25 characters.
Thanks for subscribing 🙂