Before we jump into the topic of WordPress password security, let me tell you a little story…
It was a beautiful website. The client was very pleased. It was a perfect reflection of the purpose and branding that made the company stand out. All was happy in the world.
But, they chose to maintain their own site. And then many months later, virtual tragedy struck.
Even though we put security measures in place to alert the client to issues, the client didn’t pay attention to them, and the problems that did eventually arise were never addressed. This left the door wide open for people of ill intent to exploit the compounded security holes that had appeared over time.
That’s when the call came. The client was dumbstruck by what had become of their once stunning site. When I entered their URL into my browser, my eyes beheld the spectacle of what appeared to be the not-so-artistic creation of blind intergalactic aliens that could only read, write and speak in what appeared to be Arabic (complete with circa 1980’s animated blip stars). At the bottom of the home page was one sole sentence in English saying something to the effect… “If you ever want to see your normal site again, click this link to pay the ransom!”
Fortunately, we were able to recover the abducted site in spite of the hacker’s demands, and the client learned a valuable lesson…
It is imperative for you to do whatever it takes to keep your website safe, both for the sake of your business and your customers.
Over the course of the next several blog posts, we will be discussing seven different ways for you to secure your website so that you don’t wake up one morning and find your site held hostage by nefarious (and probably not very visually creative) persons.
Here’s the first one…and it’s a big one…
1. Have Effective WordPress Password Security
This is one of the most obvious, but many times, neglected, means of keeping your WordPress site secure. As hackers become more and more sophisticated, the more important it is to make sure your passwords are secure.
WordPress password security starts with you.
Are you currently using a challenging password for your admin login on your WordPress site? (And, no, I’m sorry, just “password” just isn’t going to cut it, or no password at all, as this article suggests). This should lead you to the question, “How do I know if my password is strong enough?”
Here’s a good rule of thumb…
If your password is simple enough that you can remember it every time you login without skipping a beat, it’s probably not very secure.
If this describes your password, stop reading this post right now, and immediately go over to your WordPress site and choose a new, more secure password.
Now, once you get to your admin profile page, you will notice that the WordPress team has made an effort to help you. (You see, even they understand the importance of strong passwords). You will find a button there that simply says “Generate password.” Once you click it, WordPress will suggest a highly secure password for you.
Pro Tip (Sort of): Make sure you save your new password somewhere, whether it be in your Apple Keychain, your Chrome passwords, some other browser password extension, a text file, or at bare minimum, on an actual piece of paper (although I don’t suggest this, because, if you’re like me, you’d lose the paper).
Pro Tip # 2: Once you’ve implemented the pro tip above, make sure to scroll to the bottom of your profile settings page and click “Update Profile.” May as well make your password change official, and all 🙂
You would be shocked at how much more secure this one step will make your website. WordPress password security is under way!
That leads us to the second level of the password dilemma.
Other users on your site
If you have a website with multiple users, do you know how secure their passwords are? It’s great if you make sure your password is up to par, but you must make sure every user on your site is using strong passwords as well.
Now, the first obvious way to do this is to contact each user on your site and request that they login to you site and choose a secure password. Depending on who you’re working with, this may or may not be a good strategy.
A better idea to implement WordPress password security for your users would be to use a plugin such as Master Password Reset to automatically change the passwords for all of the users of your site. The plugin will then email each user letting them know that their password has been reset. You could make it a policy to periodically reset the passwords, for instance, once a month, just for an extra measure of security.
On top of this, you can also use premium WordPress plugins, such as Password Policy Manager for WordPress to force users to use secure passwords on your site.
So there you have it. WordPress password security is important, but it doesn’t have to be hard to implement or maintain.
In the next posts, we will be talking about the second way to secure your WordPress website which is…
#2 – Keeping the WordPress core software and plugins up to date.
…that one should be fun 🙂