Why and How To Choose A Secure Password For Your (WordPress) Website

April 21, 2013  |  By Frithjof In Social Media, Websites

If you follow my weekly “Best Blog Post” series you have seen many scary reports about an increasing wave of brute force attacks on WordPress sites. These reports are strong reminders to secure our accounts with a good, secure password.

At any given time I’m helping several website owners take charge of their website or helping to fix errors, and I am amazed by the number of websites that don’t have the most basic security and SEO functionality installed or activated. And what is even more surprising is that most of those are not set up by hobby bloggers but purchased from developers.

Ok, I’ll stop ranting 🙂

Bottom Line: Stop using “admin” and weak passwords!

For WordPress the easiest way to do this is to create a new account with administrator rights, associate your posts with the new account and delete “admin” as a user.

If you don’t want to deal with all that back-end stuff, contact your webmaster or…send me an email

But what is behind all of these scary reports?

In cases like these I like to contact my trusty network of helpers and my friend Cate Eales of Computer Care Kelowna happens to have a lifetime of experience in computer and network security. Cate operates a mobile computer business, Computer Care Kelowna, providing on-site service for home and business customers. Her weekly column, “Getting Along With Your Computer” appears Mondays on castanet.net. The column archive is available any time at the column archive.

First I asked Cate to explain what all the fuss is really about:

  • What is a brute force attack?
  • What is a “bot-net”?
  • How do hackers get my password?

Brian Krebs is a well-known security expert, and I got some of the information from this blog post: http://krebsonsecurity.com/2013/04/brute-force-attacks-build-wordpress-botnet/.

One thing I like about Cate’s advice is that she has well-founded suggestions for what to do.

(apologies for the first 1.5 minutes of silence - you can drag the little number to forward)

Summary:

  • Create a strong password
  • Use a login that is not a common login
  • What a strong password really is
  • Don’t use a word that can be easily guessed
  • The best way to create a password is using a phrase

You want to use these strong passwords and you want to be able to remember them
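An added example (not from the original post or from Cate's talk) that applies the summary's rules to a login and password pair: it flags a common login name, a guessable word, and a small brute-force search space, and measures a randomly chosen phrase. The word lists, the function names and the 60-bit threshold are constructed assumptions.

```python
import math
import secrets

# Constructed sample lists; a real audit would load a full common-password list.
COMMON_LOGINS = {"admin", "administrator", "root", "test", "user"}
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "dragon"}
# Constructed 8-word list, far too small for real use (3 bits per word).
WORDS = ["copper", "lantern", "orchard", "velvet",
         "harbor", "thistle", "meadow", "granite"]
MIN_BITS = 60  # assumed threshold for this example


def charset_size(password):
    """Size of the alphabet a character-by-character guesser must cover."""
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 33 if any(not c.isalnum() for c in password) else 0
    return size


def audit(login, password):
    """Return the list of rule violations for one login/password pair."""
    findings = []
    if login.lower() in COMMON_LOGINS:
        findings.append("common login")
    # A word plus trailing digits or symbols is still the word to a guesser.
    core = password.lower().strip("0123456789!@#$%")
    if core in COMMON_WORDS or core == login.lower():
        findings.append("guessable word")
    # Upper bound only: it assumes every character was picked at random.
    bits = len(password) * math.log2(charset_size(password) or 1)
    if bits < MIN_BITS:
        findings.append("small search space")
    return findings


def phrase_bits(n_words, list_size):
    """Guessing cost in bits of n words drawn at random from a known list."""
    return n_words * math.log2(list_size)


def random_phrase(n_words=5):
    """Pick words with a cryptographic RNG rather than by hand."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))
```

Note that `audit("admin", "Password1!")` passes the search-space estimate yet is still flagged as a guessable word, which is why length and character mix alone do not make a password strong.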

Ways to remember:

  • Keepass
  • LastPass
  • Roboform
  • 1Password
  • Word / Excel file
  • Pencil & Paper but no sticky note 🙂

What account name should you use instead of admin?

Image: Willie Sutton (source: Wikipedia)

Sutton is known, albeit apocryphally, for the urban legend that he said that he robbed banks “because that’s where the money is.” ~Wikipedia

Here are more valuable resources Cate shared with me:

  • The Sucuri Blog is here: http://blog.sucuri.net/.
  • If you ever want to check your (WordPress) site to see if it’s serving up malware or blacklisted, try the (free) SiteCheck API here: http://sucuri.net/services/sucuri-sitecheck-api.  It’s awesome.
  • I drew heavily from a blog post about the Brute Force timeline here: http://blog.sucuri.net/2013/04/the-wordpress-brute-force-attack-timeline.html.

Image: Password diagram (image rights: Cate Eales)

2 replies added

  1. Joel April 25, 2013 Reply

    Sites like http://random.pw can help you create a strong, yet memorable password. It even has a password strength checker so you can gauge how strong your passwords are.

    • Frithjof April 25, 2013 Reply

      Thanks for the tip Joel!
