Create strong passwords for a solid WordPress and online security strategy
Strong passwords are a crucial piece of any online security strategy. This is common knowledge, but article after article shows we are still complacent about our passwords.
In WordPress, it’s easy to enforce strong passwords with the iThemes Security plugin. The free version allows you to enforce strong passwords with a click of a button! This article shows you how to configure strong passwords once you have installed iThemes Security.
Panama Papers: Email was hackable via WordPress
You’re likely aware of the massive data breach at the Mossack Fonseca law firm, also known as the Panama Papers. The data was likely breached via a plugin called Revolution Slider, which allowed the hacker to access the WordPress wp-config.php file where the database credentials live, giving the hacker access to all the data in the database. If the Revolution Slider plugin had been updated, the breach may not have happened.
Online security is (mostly) not failing you. Your poor password choices are.
It goes beyond strong passwords for WordPress. Strong passwords should be used for all of your accounts, including email, online banking, social media, etc. If you are using a password such as “password”, “123456”, “qwerty”, or “111111”, then you are setting yourself up for a hack.
SocialTimes reports that 21% of people are using passwords that are 10 years or older and 47% are using passwords that are more than five years old! The article can be found here, along with a great infographic on password statistics and a list of the most common passwords used.
If you have set strong passwords but your data was breached anyway, and possibly even posted on public forums, your best bet is to change your passwords often and make them strong. Services like Have I been pwned? allow you to search various email addresses or usernames to see if they have been included in a data breach. You can even sign up for alerts for future breaches.
Manage the hassle of multiple passwords
Strong passwords are your saving grace with internet security, but I often hear that people cannot remember a strong password, or they can’t remember multiple strong passwords for their various sites. This is simply not a good excuse and comes off as complacent. Your email may not be as sensitive as your online banking account, but it doesn’t mean you should take email security any less seriously than your other sensitive accounts.
There are many password managers available to help keep your accounts secure! Here is a list of the top three password managers available:
- LastPass: this service lets you store all of your passwords online and on a mobile device while only needing to remember one password.
- 1Password: store your passwords, PINs, documents, credit cards and more. 1Password is a paid service but the one-time cost is well worth the security and features you get.
- Dashlane: store and organize your passwords with military-grade encryption, and it’s free!
The Panama Papers breach perfectly illustrates the need for online security and strong passwords and why you must also keep WordPress, plugins and themes up-to-date.
Not sure if your WordPress website is up-to-date? Contact me today for a free review of your WordPress installation!