Admin|123456 – Securing Your WordPress Site

Garretttaggs / / CC BY-SA

I recently taught a WordPress 101 seminar on how to get a blog up and running quickly using As i wandered the room to assist with any signup problems, i noticed one peculiar dilemma reoccurring from student to student: almost everyone was stumped on creating a simple username and password. Seeing as this was shortly after the announced brute force attacks targeting WordPress sites, i advised them to be creative, unique, random, and lengthy in their selections. Hopefully they’re all now safe and sound.

The article WordPress Brute Force Attacks, and What You Need to Do About It outlines the steps you should take to avoid being hacked. I’ve listed the main points below, but please read the full article for detailed instructions on each step. These are overall suggestions, but points 1, 2 & 6 should be implemented at absolute minimum.

  1. Stop using the admin username
  2. Use a strong password
  3. Keep good backups
  4. Use two factor authentication
  5. Limit login attempts
  6. Differentiate your username from your site name (added point)

The ZoneAlarm infographic below illustrates some of the most commonly used (read: dangerous) passwords (other than #7), and makes suggestions for creating a strong password that’s easy to remember.

How to Avoid the Most Common and Dangerous Passwords


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s