The Reason for WordPress Data Breaches: A Leaked Password

Ever caught yourself wondering, “Who on earth would snoop on my password?” While it may seem trivial, a leaked password is unfortunately one of the most common reasons leading to website data breaches. A hacker can easily break into your site due to a weak password, or by following your digital footprints. When it comes to website security, it’s crucial to use strong passwords – and take good care of them.

Ensure You Have Good Password Hygiene

Even if your password is good, it’s worth taking care of it in the right way. So, remember these seven things when handling your password! The same instructions and tips of course apply to other systems and services – not only WordPress.

1. Manage Your Passwords

Remembering passwords can be difficult, so we recommend using a separate password manager – for example, free and open-source KeePass or KeePass XC. With the help of a password manager you can also generate new, complex and strong passwords, so you can say goodbye to having to come up with them yourself!

2. Use Different Passwords

If a data breach occurs in any service you use, your password can spread online and end up in the wrong hands. If you used the same password elsewhere, someone who knows your username – and now also your password – can attempt logging in to those other services. You can check on the haveibeenpwned.com website if your email address or password has been leaked online in any major data breaches.

It can be difficult to memorize a plethora of different passwords, but using a password manager program helps with this as well. You’ll get an even more convenient password manager if you use a browser extension.

Has your email address been involved in an online data breach? Search for your address on haveibeenpwned.com to find out.
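The password side of the haveibeenpwned.com check can be scripted without ever sending the password itself: the Pwned Passwords range lookup only transmits the first five hex characters of the password’s SHA-1 hash, and the client matches the remaining suffix locally. The example below is an added illustration (it is not code from Seravo or from this post) and runs offline against a constructed stand-in for the API response; the live `fetch_range_live` helper and the `api.pwnedpasswords.com/range/<prefix>` URL it uses are included as an assumption about the public endpoint and are not called by default.

```python
import hashlib
from typing import Callable, Dict


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1 of the password, as the range lookup expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]


# Constructed stand-in for the service's data: a few obviously weak strings with
# made-up breach counts. Hashes are computed here so the demo runs offline.
_CONSTRUCTED_LEAKS = {"password": 3861493, "123456": 37359195, "letmein": 245979}


def constructed_range_response(prefix: str) -> str:
    """Build a response body in the 'SUFFIX:COUNT' per-line shape for a prefix."""
    lines = []
    for pw, count in _CONSTRUCTED_LEAKS.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    # A real response lists hundreds of unrelated suffixes sharing the prefix;
    # one filler line forces the parser to match, not just read the first entry.
    lines.append("0" * 35 + ":1")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict keyed by upper-case suffix."""
    result: Dict[str, int] = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        suffix, _, count = line.partition(":")
        result[suffix.strip().upper()] = int(count.strip())
    return result


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = constructed_range_response) -> int:
    """How many times the password appears in the (constructed) breach data.

    Only the 5-character prefix is handed to fetch_range; the suffix comparison
    happens here, so the full hash never leaves this process.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Assumed live lookup against the public range endpoint (not used by default)."""
    import urllib.request
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "password-hygiene-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple zz"):
        n = pwned_count(candidate)
        verdict = f"seen {n} times in the constructed data" if n else "not in the constructed data"
        print(f"{candidate!r}: {verdict}")
```

To run against the real service, pass `fetch_range=fetch_range_live`; a non-zero count means the password is already circulating in breach dumps and should be retired regardless of how complex it looks.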

3. Make Sure Your Password Is Complex Enough

Uppercase and lowercase letters, special characters, numbers… Although password requirements can vary depending on the system, don’t use any single word as your WordPress site password. Bots can try to log in with separate word lists, and these lists contain at least the most common words found in dictionaries.

A longer password is likely more secure, but a long word with strange combinations of letters, numbers, and characters can be difficult to remember and type. A password can also be an entire sentence, either with or without punctuation – it may be more suitable for everyday use than a complex word.
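The two points above, a single dictionary word with a digit or symbol tacked on is still a dictionary word to a bot, and a multi-word sentence is usually both stronger and easier to type, can be checked mechanically. The following is an added example written for this post (not Seravo’s code); the tiny `WORD_LIST`, the 12-character and 60-bit thresholds, and the 7776-word dictionary size used for the passphrase estimate are assumptions chosen for illustration.

```python
import math
import string
from typing import Dict

# Constructed mini word list standing in for the dictionaries login bots cycle through.
WORD_LIST = {"password", "welcome", "dragon", "sunshine", "football", "admin", "letmein"}


def is_single_dictionary_word(password: str) -> bool:
    """True when the password is one list word, ignoring case and trailing digits/symbols."""
    core = password.strip().lower().rstrip(string.digits + string.punctuation)
    return core in WORD_LIST


def estimate_entropy_bits(password: str) -> float:
    """Naive strength estimate: length times log2 of the character pool in use.

    This assumes every character was chosen uniformly at random, which is the
    best case; a dictionary word scores far higher here than it deserves, which
    is why the dictionary check above is applied separately.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # punctuation, space and similar
    return 0.0 if pool == 0 else len(password) * math.log2(pool)


def passphrase_entropy_bits(word_count: int, dictionary_size: int = 7776) -> float:
    """Entropy of a sentence built from randomly drawn words (diceware-style).

    The honest figure for a passphrase is per-word, not per-character: four
    random words from a 7776-word list give about 52 bits, no matter how many
    characters they contain.
    """
    return word_count * math.log2(dictionary_size)


def assess(password: str) -> Dict[str, object]:
    """Report whether the password passes and, if not, which rule it fails."""
    reasons = []
    if is_single_dictionary_word(password):
        reasons.append("single dictionary word (with optional digit/symbol suffix)")
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    bits = estimate_entropy_bits(password)
    if bits < 60:
        reasons.append(f"estimated {bits:.0f} bits, under 60")
    return {"ok": not reasons, "bits": round(bits, 1), "reasons": reasons}


if __name__ == "__main__":
    for candidate in ("Dragon2023!", "coffee tram glacier eleven"):
        print(candidate, "->", assess(candidate))
    print("4 random words from 7776:", round(passphrase_entropy_bits(4)), "bits")
```

The per-character estimate rewards “Dragon2023!” with a respectable bit count, yet the dictionary check rejects it, while the plain four-word sentence passes every rule and is the one most people can actually type without a manager.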

4. Remember to Change Your Password

If you suspect that your password has fallen into the wrong hands, is possibly too simple and weak, or you have been using it continuously for years, you should change it immediately to a new one!

Even if multi-factor authentication (MFA) is used as an additional layer of security, attackers can still find ways to log in, for example by using an MFA fatigue attack. Therefore, you should never rely solely on two-factor or multi-factor login for security.

However, two-factor or multi-factor login verification requests cannot be used to spam a user account if the password has not fallen into the wrong hands in the first place.

5. Don’t Share Your Password with Anyone

How do you recognize a true friend? Well, at least by the fact that they never ask for your password. So, don’t give your password to anyone – don’t share it with customer support, your colleagues, or family members. It’s for your own use only, and no one else should ever need it. The terms of the service you use may also prohibit sharing accounts with others.

6. Ensure Your Website Is Real

How can you determine a website is real and not a fake one set up by a scammer? The sad thing is, a phishing website is not always obvious. A skilled hacker may have had plenty of time to refine and prepare a page built for fraudulent purposes. A fake website can therefore resemble a genuine website deceptively, even if your eye is trained.

Check the browser’s address bar to ensure that HTTPS, i.e., an encrypted connection, is in use. Behind the padlock icon next to the address, you can also examine who has issued the website’s certificate. In Seravo’s WP service, websites use a Let’s Encrypt certificate by default. Note that an encrypted connection only confirms you are talking to the domain shown in the address bar; it does not by itself prove that the domain belongs to the party you expect, so compare the domain name carefully as well.

This is what using a secure connection looks like on Firefox.

7. Don’t Rely on a Security Plugin

The WordPress plugin directory contains numerous plugins that promise to boost, enhance or improve your site’s security. Curiously, their effect can be the opposite! Plugins contain code that can be vulnerable in itself, providing ways for intruders to break into your site. Think of it this way: the fewer plugins installed on your site, the smaller the chance of a security vulnerability on your site.

At Seravo, your site is monitored 24/7, and your site is scanned for malicious code each day. We also apply critical security updates to your site without delay and will contact you if malicious code is detected on your site. Websites in our hosting also have a Security Guarantee: we will clean your site of malware for free!

Towards an Even More Secure WordPress

Do you have any additional tips for maintaining good password hygiene? Share your tips in the comments! There are also a few other things you can do to further improve WordPress security.

Use 2FA & reCaptcha

We recommend enabling two-factor authentication (2FA) on all websites, as it prevents access to the site even if someone finds out your password. A 2FA plugin is pre-installed on sites in Seravo’s hosting, and you can find instructions for enabling the plugin on Seravo’s blog!

Did you see in your site’s logs that bots seem to be trying to log in to your site? Stop this with a CAPTCHA plugin! It is also advisable to use a captcha on contact forms, as bots can exploit an unprotected form to send spam – meaning spam will start going through your site!

Secure WordPress with Seravo Plugin

Seravo’s own plugin also offers features and settings that improve your site’s security. The xmlrpc.php file found in WordPress is a favorite target for bots, but if you don’t need XML-RPC, you can change the setting by logging into your WordPress site’s admin panel and selecting Tools > Security. You can also check our knowledge base for all the other features the plugin includes.
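Both of the symptoms described above, bots hammering the login form and bots targeting xmlrpc.php, show up in the web server’s access log as bursts of POST requests from one address. The script below is an added example for this post (not part of Seravo’s plugin or tooling) that parses a handful of constructed combined-format log lines and flags any IP sending at least five POSTs to either endpoint within a minute; the sample addresses come from the documentation ranges, and the threshold and window are assumptions you would tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WATCHED = {"/wp-login.php", "/xmlrpc.php"}

# Constructed sample log: one address brute-forcing wp-login.php, one pounding
# xmlrpc.php, and one normal editor logging in once. Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"
192.0.2.5 - - [10/Oct/2023:13:55:05 +0000] "GET /wp-login.php HTTP/1.1" 200 3870 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"
198.51.100.23 - - [10/Oct/2023:13:55:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 4120 "-" "python-requests/2.31"
192.0.2.5 - - [10/Oct/2023:13:55:14 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:18 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"
198.51.100.23 - - [10/Oct/2023:13:55:25 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:27 +0000] "POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"
198.51.100.23 - - [10/Oct/2023:13:55:33 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[dict]:
    """Extract ip, timestamp, method, path (query string dropped) and status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def find_bursts(lines: Iterable[str], threshold: int = 5,
                window: timedelta = timedelta(minutes=1)) -> Dict[str, int]:
    """Map each IP that sent >= threshold watched POSTs inside any window to its peak count."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in WATCHED:
            events[rec["ip"]].append(rec["ts"])

    flagged: Dict[str, int] = {}
    for ip, stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} login/XML-RPC POSTs within one minute")
```

The editor at 192.0.2.5 sends a single POST and is never flagged, while both bot addresses cross the threshold; a feed like this is what you would act on with a CAPTCHA on the login form, or by disabling XML-RPC if nothing on the site needs it.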
