Blog

How to Improve WordPress Password Security

Beginner’s Guide on WordPress Password SecurityThere is no need to mention the fact that WordPress powered websites are the main target of most hackers.

After all, this is an open-source script and is the most widely used script for website building.

These features make it easily be hacked by most malicious intruders.

Most WordPress users take a lot of precautions measurements to prevent their sites away from the potential dangers, such as making regular backups, installing security-related WordPress plugins, scanning the website on the daily basis and many more.

Among these practices, the most basic one is to focus on safe and smart password security.

This time, we’d like to come out with a detailed guide on WordPress password security.

You may use a password for many reasons or occasions, such as your bank account, your social network accounts and your email.

And for WordPress, the password acts as the last gate for accessing your administration panel. A truly strong password is really important for any of you.

WordPress has already enacted a lot of related measures to protect you from the wrong and improper password practices but it is still you who takes the responsibility to ensure you are using a reliable password.

Here, we have listed some useful tips for using a strong WordPress password.

Pay Attention to WordPress Password Feature

Since WordPress version 3.7, WordPress already adds the password indicator feature during the process of password resets and account setup.

And when WordPress was updated to version 4.3 way back in 2015, this script then allowed you to generate a complicated password with the auto-populate function to encourage you to generate the strong one following the system suggestion.

In fact, until now, WordPress even enables the below-listed features for password fortification.

  • The strong and weak indicator achieves the creation of a better password.
  • The script will manage all the login information of your users, along with the authentication cookies on the server-side.

Update the Password Frequently

No matter how strong and smart your password is, you should keep the update on it regularly. There is no need to change your password on a weekly or even daily basis.

However, both you and your users should make the update at least every few months. It is advisable to change passwords every 4 months.

With the use of iThemes Security Pro plugin, you can ask users to make password changes regularly according to your own settings.

It is true that this may require you some effort and time since you have to go through some steps to change your password. But trust us, for the sake of your website security, this worth your efforts.

After deciding your new password, there are three ways you can apply to change it.

1. Edit Your User Account

Here, you just need to enter your admin panel and click the Users > Your Profile button. After scrolling down to the Account Management area, you can click the Generate Password button.

Now, you can enter the new password and hit the Update Profile button. From the password indicator, you can get some suggestions if your password is weak, such as using the upper and lower case letters, embedding numbers, adding some symbols and many more.

That’s it. The next time you log into your website admin, you should use your new password.

2. Reset Your Password Via Email

When entering your login credential, you just need to hit the Lost Your Password link. This way, you can provide your username and email of your account. And the system will send you an email coming with the password reset link.

After clicking the link in your email, you can type your new password and hit the Reset Password button.

3. Update Your Password Using phpMyAdmin

This requires you to log in to your phpMyAdmin account and choose the right database for your WordPress site. Then, you need to find the wp_users table and hit the Edit button. Here, it is possible that the prefix is not “wp” but a custom option that is changed you previously.

This time, you should focus on the user_pass field to enter your new password. Note that from the drop-down menu, you need to select MD5.

Reject the Old

There are some instances where users still want to use any of the former passwords after many changes. However, you should clearly point out that former passwords cannot be used for a higher level of account security. Users will be willing to partner with you to better protect passwords.

Go Long and Mix Letters Up

By default, WordPress recommends you use a password that contains at least 6 characters in length. But as far as we are concerned, you’d better extend the length to 10 to 15 characters, which is less likely to be crackable.

In addition to the length, you can also need to consider a string of items to put into your password. Here, you’d better not only use the numbers or letters. Instead, it would be better for you to mix them up, along with some symbols. Also, the letters should contain the lowercase ones and the uppercase ones at one time.

Examples of good passwords (don’t use these!):

  • x&*Gt56%4$f56TGo9
  • $3(*hyTRpPO8876!67

Use Two-Factor Authentication

If you really care much about password security, you can consider the utilization of two-factor authentication. This provides extra protection for your password to fight against potential hacks.

With this system, not only the strong password is enough to enter your admin panel. Instead, you also need to confirm the extra identity from a second application or device.

Read more: https://wordpress.org/support/article/two-step-authentication/

Use a Security Plugin

There are many WordPress security plugins you can use to improve your password security. In fact, they can not only fix the detected vulnerabilities but also set restrictions on the number of times to make failed login attempts.

In our experience, we recommend the Wordfence plugin which provides an easy way to audit your users’ passwords. This powerful plugin will help you a lot with the enhancement of WordPress password security.

Rick Hammond

I'm a marketing consultant by trade and also own a portfolio of over 20 websites. Over the years I have tested most of the well know hosting companies for my sites and therefore can give insight into which are good and which are not from my personal experiences.

Related Articles