Password Security Tips


WordPress Password & Username Security Tips

If you're planning to launch your first WordPress website, or already have one, to put it bluntly: your site could be under attack as you're reading this, by hackers looking to break into your WordPress site. That’s a fact. If you’re thinking that your site is too small or new to earn the attention of hackers, think again!

It’s your responsibility to ensure that your WordPress websites are secure. (Because it is.) That said, there are instances where you have very little control over the vulnerabilities that can arise. Here I’m referring to WordPress users who don’t abide by smart and safe username and password practices.
To be fair, think about how many names, numbers, birthdays, addresses, facts, and so on that you have to keep track of on a daily basis. Then think about how many applications you log in and out of as well. The last thing you or anyone else wants to do is memorize a unique and complicated password for each one of them. But strong usernames and passwords are there for a reason. You can’t skimp on securing a website (or, if you’re a user, your private information) simply because you don’t want to generate a better password than the one you created for Yahoo, Hotmail or Gmail five years ago. The same goes for all your users.
So, let’s talk about WordPress passwords first and why they play such an important role in fortifying your WordPress site’s security.

Why does WordPress even bother with this? Well, it’s because a weak password can open websites up to many risks, and hackers are fully aware of this! WordPress's popularity makes it a target, and it can be an easy target if the correct security measures have not been implemented. To make the severity of these attacks crystal clear: various leading security firms that specialize in WordPress security have reported that in a 24-hour period there can be over 6,000,000 attacks targeting over 70,000 websites directly. Without extra security measures in place, all it would take is for one particularly weak user password to succumb to this type of brute force attack. And then where would that leave you? Your site, your users, and any visitor that arrived at your site could potentially be exposed to this vulnerability, or you could find out you’ve been blacklisted by Google!
So, let’s not allow that to happen.

The Blue Elephant Guide to Creating a Strong Password

When it comes to passwords, one thing is certain: size matters. Adding a single character to a password boosts its security exponentially. In a so-called “dictionary attack,” a password cracker will utilize a word list of common passwords to discern the right one. The examples below show the difference that adding characters can make when it comes to security.

For instance, if you have an extremely simple and common password that’s seven characters long (“abcdefg”), a pro could crack it in a fraction of a millisecond. Add just one more character (“abcdefgh”) and that time increases to five hours. Nine-character passwords take twelve days to break, 10-character passwords take 21 days, and 11-character passwords take approximately 13 years. Make it up to 12 characters, and you’re looking at 200 years’ worth of security. One thing you should be aware of, though: as computing power becomes stronger, in a few years a 12-character password will not be as strong!

A generated strong password like “284u8+1VH!4a4” is a great password, but trying to remember it is another thing entirely. Let's now look at ways to create a strong, memorable password:

  1. ilikecake - 9-character password; this would take 12 days to crack.
  2. ILikeCake - The same 9-character password, but capitalizing 3 characters; this would take 13 days to crack.
  3. I2LikeCake - 10-character password, adding the number character set; this would take 21 days to crack.
  4. I2Like8Cake - 11-character password; this takes it up to 13 years to crack.
  5. I2Like-8Cake - 12-character password; this takes it up to 2 centuries to crack.
  6. I2Like2-8Cake - 13-character password; this takes it up to 13 centuries to crack.
  7. I2Like2-8Cake=2018 - To finish it off, this is an 18-character password; today we're looking at 10,000+ centuries!

Think about the password string I have created: with the use of the number and symbol character sets, it sounds like the phrase “I too like to eat cake during 2018”. To sum up the password guide, passwords should contain a bare minimum of 12 characters, but preferably 14+ characters.
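The length and character-set effect described above can be checked with a short script. This is an added example, not part of the original guide: the guess rate, the 32-symbol allowance for spaces and non-ASCII characters, and the tiny word list are assumptions, so its times will not match the checker figures quoted above, and for word-based passwords the brute-force time is only an upper bound.

```python
import math
import string

# Assumptions (not from the article): attacker guess rate and sample word list.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIN_LENGTH = 12  # the article's stated bare minimum
COMMON = {"password", "abcdefg", "abcdefgh", "letmein"}  # constructed sample
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size an exhaustive search must cover, from the classes used."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Spaces or non-ASCII characters: count them as one extra 32-symbol class.
    if any(all(c not in cls for cls in CLASSES) for c in password):
        size += 32
    return size


def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Average-case exhaustive search time (half the keyspace) in years."""
    try:
        return charset_size(password) ** len(password) / 2 / rate / SECONDS_PER_YEAR
    except OverflowError:  # keyspace too large to express as a float
        return math.inf


def assess(password):
    """Return keyspace figures plus the policy problems found."""
    problems = []
    if password.lower() in COMMON:
        problems.append("found in common-password list (dictionary attack)")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    keyspace = charset_size(password) ** len(password)
    return {"length": len(password), "charset": charset_size(password),
            "bits": round(math.log2(keyspace), 1) if keyspace > 1 else 0.0,
            "years": brute_force_years(password), "problems": problems}


if __name__ == "__main__":
    # Sample inputs are the article's own examples, which must never be reused.
    for pw in ("abcdefgh", "ilikecake", "ILikeCake", "I2Like-8Cake",
               "I2Like2-8Cake=2018"):
        r = assess(pw)
        print(f"{pw:20} bits={r['bits']:6} years={r['years']:.3g} {r['problems']}")
```
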

If you wish to test password strength, please visit the Kaspersky.com password checker.

Never use any password I have shown here, nor test the password checker with any password you intend to use!

When should you change a password?

Now, this doesn’t mean you can avoid changing passwords ever again. There are key times when you should change a password. 

They include: 

  • After a service discloses a security incident. 
  • There is evidence of unauthorized access to your account. 
  • There is evidence of malware or other compromise of your device. 
  • You shared access to an account with someone else and they no longer use the login. 
  • You logged in to the account on a shared or public computer (such as at a library, hotel, airport, etc.).
  • It’s been a year or more since you last changed the password, especially if you don’t have multi-factor authentication enabled. 

In all these cases, updating your password is a smart precautionary step. A new password ensures that someone can’t abuse your account even if they have the old password. Additionally, it's good practice to change even strong passwords periodically.

The Blue Elephant Guide to Creating a Strong Username

I think you're starting to get the picture now: it’s time to change old habits and mindsets. Setting a secure username is vital to keeping hackers out. Not only will this guide help you understand what makes a secure username, it will also show how to implement changes to keep your site safe and sound.

Believe it or not, many WordPress users use the username “admin”, their business name, or their first name or surname. For example, I wouldn’t use Blue Elephant or anything listed on my website as a username; that is a hacker's wet dream, easy enough for someone to guess! As I stated earlier, it’s your responsibility to ensure that your WordPress websites are secure. By following this guide you will secure your WordPress login from being compromised.

To have a strong username, start to think mash-up, gibberish, slang, etc. Yes, that’s right, get messy!!! Even use a mixture of nicknames, your pet, favorite color, hobby, etc. Get creative!

Username Example: BigDog11_Jimmy

Summary

Never create usernames that:

  • Are in any way related to the name of your website.
  • Include your own name.
  • Consist of your email address or domain.

Always create usernames that:

  • Are unrelated to your website's content.
  • Are obscure.
  • Are gibberish.

If your account username or password falls into the bad, or even the good category, it’s time to change out your username or password ASAP.
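The "never" rules in the summary can be turned into a check that a site owner runs over the account list. This is an added example, not part of the original guide: the default-name list, the owner name "Jane Smith" and the address jane@blueelephant.example are constructed for illustration.

```python
import re

# Assumption: a short list of default account names that are guessed first.
DEFAULT_NAMES = {"admin", "administrator", "root", "user", "test", "wordpress"}


def _tokens(text):
    """Lowercase alphanumeric words of 3+ characters found in text."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if len(t) >= 3}


def username_problems(username, site_name, owner_name, email):
    """Return the reasons a username breaks the 'never' rules, or []."""
    squashed = re.sub(r"[^a-z0-9]", "", username.lower())
    problems = []
    if squashed in DEFAULT_NAMES:
        problems.append("default account name")
    if username.lower() == email.lower():
        problems.append("is the email address")
    local, _, domain = email.lower().partition("@")
    related = {
        "site name": _tokens(site_name),
        "own name": _tokens(owner_name),
        "email or domain": _tokens(local) | _tokens(domain.rsplit(".", 1)[0]),
    }
    # Substring match on the squashed name catches BlueElephant, blue_elephant...
    for label, words in related.items():
        hits = sorted(w for w in words if w in squashed)
        if hits:
            problems.append(f"contains {label}: {', '.join(hits)}")
    return problems


if __name__ == "__main__":
    # Constructed site details; only the site name comes from the article.
    site, owner, mail = "Blue Elephant", "Jane Smith", "jane@blueelephant.example"
    for name in ("admin", "BlueElephant_web", "jsmith2018", "BigDog11_Jimmy"):
        print(f"{name:18} {username_problems(name, site, owner, mail) or 'ok'}")
```
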

The big Q: did you find this blog helpful, or did it benefit you? Leave a comment below.

Do you know anyone who can benefit from this blog/guide? Send them this page or click on the share buttons below.

You’ll be helping us out by spreading the word about Blue Elephant, and you’ll be helping someone out.
