WordPress Password Security
First things first, you should do everything you can to make WordPress more secure. The iThemes Security Pro, (formerly Better WP Security) plugin will let you do all of these things quickly and easily.
1. Don’t Use Admin Username
We’ve hammered on this before, but do not ever use “admin” as your username. If that’s your username, change it. Change it now!
2. Hide Your Login Screen
Another tip to shut down the hackers and bots is to hide your login screen (/wp-login.php and /wp-admin/). You can give the page a unique URL and keep the bad element from even getting to it. The easiest way to do this is with the iThemes Security Pro plugin.
3. Limit Login Attempts
This might not stop hackers from cracking your password, but it will stop bots from hitting your login page with multiple attempts. Lock it down.
4. Require Strong Passwords
WordPress password security requires you and every other user to have a strong password, because the person(s) who doesn’t becomes the weakest link for hackers to access the entire WordPress platform not just that persons site. So do your part to create as strong a password as you can. Here are some tips to help you:
* Use Different Passwords – Always use a different password on different sites. Lazy people use the same password all the time. It’s easy for you, but all it takes is one breach and ever single one of your logins are at risk of being hacked and compromised. Oops. One way do this so that you can remember the password is to create a base password with something different for every website. You can create a pattern so that you won’t forget what that add on is. For example, you might add the last three letters of the site name to the end of your base.
* Never Be Predictable – Never use anything that’s predictable. You are actually likely to be far more predictable than you ever imagined. For example, do you follow suggestions, made in articles or on websites about how to create a strong password? You’ve just become predictable. Do you think you are sneaky changing letters for numbers? You’ve just become predictable. See it’s that easy.
* Use Passwords That Are Long – Long passwords are stronger. Of course, there is no need to go ‘nuts’ about it, but 8 characters are the shortest your password should be.
* Never Use Words or Phrases – Just don’t use an actual phrase or word, even when it’s not a proper English word. These hackers search real world text and can break just about any password that’s simply a word or phrase.
Finally, apart from iThemes Security Pro for WordPress, a Password Manager such as LastPass is another important tool, that will help you with your Password security, not just with WordPress, but with all the websites you use.