Website security can be overwhelming and complicated. There are so many ways to secure your website and lots and lots of people telling you how to do it.
I think of security as an accumulative thing – you learn one thing and then you move on to the next. It’s not something that you can stop learning about. Much like a shark, you have to keep swimming.
The most important thing, of course, is to have safe logins and strong passwords.
Most people talk about passwords being the weak spot, but a poor login doesn’t help either. Take admin for instance. If you have a WordPress website, do not use admin as a login name because you are giving half of your secret away. Instead use sharkgirl_23 or something crazy like that. In WordPress you can change your “public name” to be something completely sane. No one will ever know you are a shark.
SplashData just announced the Worst Passwords of 2015: 123456 and password top the list. Also on the list are princess, solo and starwars.
I went to How Secure Is My Password? and tested starwars. No surprise, it would be cracked almost instantly.
Passwords should be “digi-character” (a mix of letters and numbers) and at least 12 characters in length. I went to Norton Password Generator and created a digi-character password of 12 characters and tested it again. This time it was “344 thousand years.” Better!
When you create a new login in WordPress, it automatically creates a password for you that is 24 characters long. I tried one of those and was greeted with a green screen that said, “It would take a desktop PC about 14 octillion years to crack your password.” Ok, now we are talking! And you need a strong password like that because WordPress websites are constantly under brute-force attack.
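To make the rules above concrete, here is an added example (not from the original post, and not the code of WordPress, Norton or How Secure Is My Password?) that generates letters-and-numbers passwords from a cryptographically secure random source, estimates their entropy, and checks a login pair against the advice in this article. The function names and the letters-plus-digits alphabet are assumptions made for the illustration.

```python
import math
import secrets
import string

# Entries this article quotes from SplashData's 2015 list (not the full list).
WORST_PASSWORDS = {"123456", "password", "princess", "solo", "starwars"}
ALNUM = string.ascii_letters + string.digits  # "digi-character": letters + numbers


def is_mixed(password):
    """True when the password contains at least one letter and one digit."""
    return any(c.isalpha() for c in password) and any(c.isdigit() for c in password)


def generate_password(length=12):
    """Return a random letters-and-numbers password from a CSPRNG (secrets)."""
    if length < 12:
        raise ValueError("the article's minimum is 12 characters")
    while True:  # redraw until the result really is a mix of both kinds
        pw = "".join(secrets.choice(ALNUM) for _ in range(length))
        if is_mixed(pw):
            return pw


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size).

    A slight upper bound for generate_password(), which discards the rare
    all-letter or all-digit draws.
    """
    return length * math.log2(alphabet_size)


def check_credentials(username, password):
    """Return a list of problems; an empty list means the pair passes."""
    problems = []
    if username.lower() == "admin":
        problems.append("username 'admin' gives away half of the secret")
    if password.lower() in WORST_PASSWORDS:
        problems.append("password is on the worst-passwords list")
    if len(password) < 12:
        problems.append("password is shorter than 12 characters")
    if not is_mixed(password):
        problems.append("password is not a mix of letters and numbers")
    return problems


if __name__ == "__main__":
    for n in (12, 24):
        pw = generate_password(n)
        print(n, pw, round(entropy_bits(n, len(ALNUM)), 1), check_credentials("sharkgirl_23", pw))
    print(check_credentials("admin", "starwars"))
```

Each extra character adds about 6 bits with this alphabet, which is why going from 12 to 24 characters doubles the entropy rather than merely doubling the number of guesses.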
Passwords are hard to remember – even short ones. Instead, I would recommend using a password safe like KeePass (desktop/portable) or LastPass (cloud). Personally, I use KeePass. It is very straightforward and it keeps my logins, passwords and other bits of info secure.
Strengthening your passwords is a simple measure you can take to vastly improve your website security. Using a password generator and a password safe to help you do it will improve it even more.