• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Lifeform

Web Design | Digital Imagery

  • Home
  • About
  • Gallery
  • Services
  • Blog
  • Contact

WordPress Security: Passwords

January 31, 2013

WordPress security

Internet security and privacy frequently makes the news these days with big name sites falling prey to hackers. We store more information online than we ever have before and we’re rightly concerned about the security of that information. If you own a website, you’re a potential target for hackers, but maybe not for the reasons you think.

As I monitor & maintain a growing number of WordPress sites, I have noticed over the years and especially of late, a gradual increase in malicious activity. Taking the steps to secure your WordPress site is a bit like backing up your data or wearing a seat belt – it’s best done before disaster strikes!

WordPress is Popular

WordPress (WP) is hugely popular and considered by many to be the number 1 open source content management system available. WP now powers around 17% of the top 1 million sites on the web and around 60 million ‘blogs’ (half of those on wordpress.com and many with ‘blogs’ as only part of the site).

This is great news as it means a solid future for the WP platform. The other side of the popularity coin is that hackers are becoming more interested in breaking into WP sites.

Why would someone want to hack into my site?

You may think that no one would be interested in your site, after all you’re a small business doing good things in the world, why would anyone want to bother you?

The short answer is money. Most hackers want to place hidden links or malware on your site which either directly or indirectly allow them to advertise (dodgy) products and will try to do so via automated programs. So it’s usually not personal – it’s all about the moolah.

Is WordPress Secure?

The short answer is yes, WP is secure but no site that’s accessible via the internet will ever be 100% secure. The core of the WP program is secure but your server and the way your WP site is installed & configured, your themes, plugins or passwords may not be.

What should I do?

Most attacks on your site are automated ‘brute force’ attacks. They attempt to guess your user name and password. Most try the old default user name ‘admin’, generate passwords and repeatedly attempt to login. Some I have noticed recently sniff out your user name and then work on your password. This is only a problem if your password is weak. There are a range of measures that can be used to secure your site, however at the top of the list is insuring that your passwords are ‘strong’. So here’s a list of recommended practises and things to avoid.

Password Do’s and Don’ts

Don’t use the same password across all your websites or accounts. If one is compromised the others may follow.
Don’t use any combination of your own real name, username, company name, or name of your website.
Don’t use a word from a dictionary, in any language.
Don’t use a short password, a numeric-only or alphabetic-only password

Do make your password at least 8 characters long, preferable 15 – think about using a ‘pass-phrase’.
Do use upper and lower-case alphabet characters as well as numbers and symbols/special characters (e.g. ^ & * # _).
Do change your passwords every month (or at least every 3 months).
Do make sure your personal computer is also secure – especially if you store your passwords on it!

Yes, a ‘strong’ password may be difficult to memorise, but there are good password managers available such as 1password (https://agilebits.com/onepassword) which make the process easier.

If you want to test the strength of different types of passwords, this site is interesting and a bit of fun: http://www.howsecureismypassword.net

Like backing up your data, it’s easy to put off sorting your passwords, but the negative impact of a compromised website (or any of your online or mail accounts) on your business and reputation means it’s something worth doing sooner rather than later.

If you have any queries about website security, are unsure about how to change your password or would like a website security audit, don’t hesitate to get in touch.

More Resource: http://codex.wordpress.org/Hardening_WordPress

This post is based on an article in the Jan 2013 newsletter – more on security in coming newsletters.

Read Part 2 of this series: Easy Secure Passwords.

FacebookTweetPinLinkedInEmail

Filed under: Security WordPress

Read More:

  • Blackball
  • Croesus Track
  • Design & Creativity
  • Gallery
  • Images
  • Inspiration
  • Karamea
  • Marketing & Social Media
  • Mountain Biking
  • Nelson
  • Nelson Lakes NP
  • New Zealand
  • New Zealand Ferns
  • News
  • Security
  • SEO
  • Southern Paparoa Range
  • Taupo
  • Tongariro National Park
  • Travel
  • Video
  • West Coast
  • WordPress
Previous Post: « Light Show
Next Post: Two Factor Authentication for WordPress »

Primary Sidebar

BROWSE CATEGORIES…

  • Gallery
  • Video
  • General News
  • Travel
  • WordPress
  • Design & Creativity
  • Marketing & Social Media
  • New Zealand Ferns

Nice things clients have said…

  • a horse of course
    When I needed a new website one of my prime interests was to have a user friendly simple and straight forward site that was a pleasure to visit. Simple, Honest, and Effective. It was a pleasure to work with Rob, he interpreted well and built exactly what I imagined, plus kept me well informed throughout the process. And it works! I’m really pleased with the whole process, and look forward to working with Rob to develop the site further as the business evolves.
    The Twisting Trail
  • Awesome job on the website Rob, your patience, problem solving and technical expertise have been invaluable in producing just what we needed. There is a collective sigh of relief from the Pataka team that we now have a clean, user-friendly site to showcase what we have to offer, or as one of Pataka’s staff put it… 'Super bloody marvellous'!
    Stu Forsyth, Senior Graphic Designer – Pataka Art + Museum
  • Soulscape logo
    I can’t recommend Lifeform Labs enough. Rob has been extremely good to work with. His approach is professional, prompt, and above all helpful. He offered, and delivered, a very affordable product geared to my specific needs. Never once did I feel overawed by all the IT stuff, yet he did encourage me to grapple with some aspects of the web, which has improved my understanding immensely. If you need a web guy Rob at Lifeform Labs is your man.
    Deborah Bower – SoulScape
  • Lee Woodman
    Rob’s technical WordPress know-how has got my site up and running, but it’s his knowledge of the web that I’ve found especially useful. His advice on search engines and social media trends has helped me to develop an overall strategy – I know what I need to be doing next. Cheers Bob!
    Lee Woodman – Artist & Designer
  • Jessie Leov
    I needed a clean looking site that I could maintain and style myself – Lifeform Labs did an awesome job!
    Jessie Leov – Musician
  • WordPress Logo
    We use Lifeform for all our website work. Rob does a great job administering our websites, keeping them updated and optimised.
    Sue, Nelson
  • Susie Vokins
    Rob assisted me build my first ever business website and logo. To say I am a rookie in these sort of things would be generous. I had absolutely no idea apart from the fact that I wanted some nice photos, a certain theme and was quite clear on the logo I wanted. I can only praise Rob in all his dealings with myself and my colleagues – he was calm, informed, insightful, had great attention to detail and was always there whenever we had any questions. The result is a website and logo that I am 100% happy with created in less than 3 weeks. I cannot recommend Rob more highly.
    Susie Vokins – Susie Vokins Associates
  • logo
    Rob was great to deal with, prompt in his responses to my queries and ever willing to sort out my website problems with me, often at short notice. It was important to me that I retained some degree of control over my website and that I could learn from Rob as we went along. He was very open to this. He charged fairly and I look forward to working with him on an ongoing basis.
    Ange Palmer

Footer

WEB DESIGN & MARKETING

  • About LIFEFORM DIGITAL
  • Web Design & Development
  • WordPress Business Sites
  • E-Commerce
  • Photography & Videography
  • Search Engine Optimisation (SEO)
  • Brand & Marketing
  • Contact us

FEATURED VIDEO

  • Te Ramaroa 2021 – Church Steps
  • The Blackball Bathhouse
  • Skateseat
  • Little Pig Building Co
  • String Theory
  • Taranaki Falls – Tongariro NP

  +64 27 427 5631

LATEST FROM EL BLOGO

  • Lotus Eaters Lullaby – Exhibition by Lee Woodman – Nelson, 2022 [Video]
  • What is DNS?
  • Lotus Eaters Lullaby – Exhibition by Lee Woodman, Refinery ArtSpace, Nelson, 2022 [Images]
  • ‘Push Play’ Sound Sculpture by Lee Woodman [Video]

ECOFIND - DISCOVER PURE NZ
List your sustainable business »

All images & text Copyright © 2022 Lifeform NZ Ltd   ·  LIFEFORM DIGITAL  ·   Creative Design Studio   ·   Nelson NZ   ·   Privacy Policy   ·   Terms and Conditions

Scroll Up
Share this ArticleLike this article? Email it to a friend!

Email sent!