Original post January 6, 2016. Updated September 15, 2019.
Website security can be overwhelming and complicated. There are so many ways to secure your website and lots and lots of people telling you how to do it.
I think of security as an accumulative thing – you learn one thing and then you move on to the next. It’s not something that you can stop learning about. Much like a shark, you have to keep swimming.
The most important thing, of course, is to have safe logins and strong passwords.
Most people talk about passwords being the weak spot, but a poor login doesn’t help either. Take admin for instance. If you have a WordPress website, do not use admin as a login name because you are giving half of your secret away. Instead use sharkgirl_23 or something crazy like that. In WordPress you can change your “public name” to be something completely sane. No one will ever know you are a shark.
just announced the Worst Passwords of 2015: 2018: 123456 and password top the list. Oh wait, weren’t those number one and two on the 2015 list? Yes! In fact they have been on the list as the worst passwords for the last five consecutive years! Also still on the list are princess, solo and starwars 111111 and football. Making a new appearance is donald. Yes, after the President of the United States. I am certain he would be pleased by this. However using celebrity names is a red flag:
“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
- Morgan Slain, CEO of SplashData, Inc.
I went to How Secure Is My Password? and tested
starwars donald. No surprise, it would be cracked almost instantly.
Passwords should be “digi-character” – a mix of letters and numbers and should be at least 12 characters in length. I went to Norton Password Generator and created a digi-character password of 12 characters and tested it again. This time it was “344 thousand years.” Better!
When you create a new login in WordPress, it automatically creates a password for you that is 24 characters long. I tried one of those and was greeted with a green screen that said, “It would take a desktop PC about 14 octillion years to crack your password.” Ok, now we are talking! And you need a strong password like that because WordPress websites are constantly under brute force attack.
If you are looking for a user-friendly password creator and password strength detector try using SafetyDetective’s Password Meter. It transforms everyday words into hard to crack passwords and rates them out of a 100 for strength.
Passwords are hard to remember – even short ones. Instead, I would recommend using a password safe like Keepass (desktop/portable) or LastPass (cloud). I use Keepass. It is very straightforward and it keeps my logins, passwords and other bits of info secure.
Strengthening your passwords is a simple measure you can take to vastly improve your website security. Using a password generator and a password safe to help you do it will improve it even more.