Enforcing Strong Passwords in WordPress

Dec 16, 2014

Passwords are definitely a chink in one’s armour when it comes to WordPress security. Over time, password-based protection has gotten weaker and the attackers stronger. In our earlier article, we looked at how brute force attacks are causing widespread havoc in the WordPress community. The most common mistakes we make are not using strong passwords and reusing the same password on multiple sites. While the former makes it easy to gain access to your site, the latter can cause a lot of havoc by compromising all your accounts at once. Hence it is imperative that we all put in that additional effort to set strong, hard-to-guess passwords and maintain unique ones for different accounts. Furthermore, there are many aids that make this job much easier than you think. So let’s look at what these tools are.

Password Policy Manager for WordPress

Looking for a dedicated plugin to enforce a strong and effective password policy? Your search ends here – the Password Policy Manager for WordPress. It lets you enforce a list of conditions that a password must meet when it is set, making passwords stronger and harder to guess.
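To show how such a policy is actually enforced inside WordPress, here is an added example of a hypothetical must-use plugin (it is not the Password Policy Manager's own code). It hooks the two places where a user sets a new password and rejects any that fails the rules; the `mpp_` function names, the particular rules and the 12-character minimum are assumptions chosen for illustration.

```php
<?php
/*
 * Plugin Name: Minimal Password Policy (added example, hypothetical)
 * Drop this file into wp-content/mu-plugins/ to enforce a password policy
 * on profile updates and on "lost password" resets.
 */

// Return the list of rules $password violates; an empty array means it passes.
function mpp_password_violations( $password, $user_login ) {
    $violations = array();
    if ( strlen( $password ) < 12 ) {                       // assumed minimum length
        $violations[] = 'be at least 12 characters long';
    }
    if ( ! preg_match( '/[a-z]/', $password ) || ! preg_match( '/[A-Z]/', $password ) ) {
        $violations[] = 'contain both upper- and lower-case letters';
    }
    if ( ! preg_match( '/[0-9]/', $password ) ) {
        $violations[] = 'contain at least one digit';
    }
    if ( ! preg_match( '/[^A-Za-z0-9]/', $password ) ) {
        $violations[] = 'contain at least one symbol';
    }
    // Reject passwords built around the login name, which guessers try first.
    if ( $user_login !== '' && stripos( $password, $user_login ) !== false ) {
        $violations[] = 'not contain your username';
    }
    return $violations;
}

// Adding entries to the WP_Error object makes WordPress refuse to save the password.
function mpp_add_policy_errors( WP_Error $errors, $password, $user_login ) {
    foreach ( mpp_password_violations( $password, $user_login ) as $rule ) {
        $errors->add( 'weak_password', 'Password must ' . $rule . '.' );
    }
}

// Profile screen / user editor: $user->user_pass is set only when a new password was entered.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( ! empty( $user->user_pass ) ) {
        $login = isset( $user->user_login ) ? $user->user_login : '';
        mpp_add_policy_errors( $errors, $user->user_pass, $login );
    }
}, 10, 3 );

// "Lost password" reset form: the new password arrives in $_POST['pass1'].
add_action( 'validate_password_reset', function ( $errors, $user ) {
    if ( $user instanceof WP_User && isset( $_POST['pass1'] ) && $_POST['pass1'] !== '' ) {
        mpp_add_policy_errors( $errors, wp_unslash( $_POST['pass1'] ), $user->user_login );
    }
}, 10, 2 );
```

Because the checks run server-side on the hooks WordPress itself fires, the policy also applies to administrators editing other users, not just to the profile page's JavaScript strength meter.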

We looked at ways in which stronger passwords can be enforced. But we left out an important factor of any login – the username. WordPress assigns the username admin during installation, and most of us continue to use it without understanding the perils of doing so. When launching brute force attacks, the bots first look for this username. If a match is found, they move on to guessing the password. As you can see, we do half the bot's job for it by sticking with the default admin username. Hence it is always recommended to change the default admin username as soon as you install WordPress.

Apart from enforcing strong passwords, we need to resolve another critical problem – that of remembering many passwords. It is nearly impossible to remember umpteen passwords for various sites. To make life easier, we should use one of the popular password managers available on the Internet, such as LastPass. LastPass includes a strong password generator that produces hard-to-guess, unique passwords. What’s more, it does all the hard work of remembering those passwords for you, so you never have to worry about losing another password again.

Despite best efforts, passwords will continue to be the weak link as far as security is concerned. But initiatives like two-factor authentication are fast gaining ground and eliminate the use of passwords completely. Until they are fully deployed, we mustn’t leave any stone unturned when it comes to enforcing strong passwords.
