If you have a website built with WordPress, then protecting your back-end dashboard is paramount. Letting your site get hacked is never a good look, and it can erode trust and confidence in your client base.
Your login ID and password are the keys to the kingdom, and it’s so important that you’re following best practices for passwords for your website. But do you know what those best practices are?
Let’s find out if your password is as secure as it can be!
Is it complex?
These days, a lot of online accounts will impose complexity on you. They enforce best practices for passwords – and that’s a good thing! If you’re starting an account from scratch, make sure you follow the rules on your own:
- use a combination of upper and lowercase letters
- throw at least two numbers and at least two special characters
- use at least 16 characters in length for strong security
It might be tempting to use words or phrases with meaning to you, so you remember your passwords. But if you want to use familiar words, make sure you’re breaking them up – we like to throw a special character in the middle of a word, or swap out a few charaters with similar-looking numbers. Don’t just use your pet’s name, or your birthday, or the name of your favourite Star Wars character – and definitely don’t use the word “password” anywhere in your password!
Your best bet is to use an online generator to create a completely original password that has no personal meaning to you. It’s the hardest to remember, but sites like XXX will give you a mnemonic with your password – a cute phrase to help you remember what it is – which helps. And there’s other ways to keep track of complex passwords – read on!
Is it unique?
Using the same password for multiple accounts opens you up to being a victim of a data breach. Once someone has hacked one of your accounts, they can quickly gain access to more.
For your website, it’s important to protect all your business assets by making sure that your hosting account, your WordPress dashboard account, and your FTP access account all have separate, unique passwords. If you have additional website-related accounts – such as a booking tool account like Acuity, or a mailing list management account like MailChimp – they should all be unique, too.
It’s a lot to keep track of, so make sure you’re not writing them down! Instead…
Is it stored safely?
Hands up if you have passwords written down on scraps of paper on your desk at home!
There’s a better way – and a safer way – to remember your passwords – a password storage plugin.
There’s some really great plugins you can add to your computer or phone that will help you manage all these unique, complex passwords – and you should definitely be using one. Consider 1Password, LastPass, or Bitwarden as options. They install a “vault” on your computer with one master password, the only one you’ll actually have to remember. With the app active, all other passwords will be decoded and automatically inserted as you log in to other websites online.
Remember, your vault is only as secure as your master password, so even if it’s a little hard to remember, make sure it’s complex and unique. Spend some time memorizing it if you can, and don’t write it down anywhere.
Is it private?
Sometimes you might need to grant access to your website to other people.
Perhaps you have a staff member who will be updating the site from time to time.
Perhaps you have a website developer who will be doing some technical work on your site.
Perhaps you have guest authors who would like to upload their own posts themselves.
Whatever the reason, don’t share your main website password with others. The best practice is to create user accounts for each person and give them appropriate access as needed. It’s easy! And it’s the safe thing to do!
Do you use 2-Factor Authentication?
If you really want to up your safety game (and you do!), then be sure to activate 2-factor authentification for your WordPress website. It’s a good idea to do this for ANY online account!
Two factor authentication means that any time you’re logging in through a new device, you’ll have to enter your password and an additional code that is texted to your phone or sent to your email address. This makes it extra hard for hackers to just break through with brute force methods, and makes sure you – and only you – can access your admin account.
Is your WordPress account as safe as it could be? Want to talk more about website security, or implement some safety solutions on your website? Then we’ve got your back!