Password Best Practices

Securing your WordPress starts with a strong password. A strong password is complex and elaborate. It isn’t easy to guess since it doesn’t contain recognizable words, names, dates or numbers. While I wouldn’t suggest picking a password containing less than 20 characters, I can certainly understand it can be hard to remember a random string of letters, numbers and special characters. But in general, the more characters and complexity, the better.

So I would suggest you uphold following guidelines when creating a strong password:

  • At least 20 characters 
(preferrably more)
  • Use lowercase and uppercase
  • Containing numbers
  • Containing special characters such as a question or an exclamation mark

Example
A good password that upholds all of the guidelines above could be “As32!KoP43??@ZkI??L0d”.

Things You Should Absolutely Avoid

Names or words that can be easily linked to you:

  • The name of your partner or kids
  • The name of your pet
  • The name of your company
  • The name of your favorite sports-team or car brand
  • The year in which you were born
  • Your birthday

All these items are personal (mostly public) information and thus possible risks for social engineering. So avoid these at all cost!

Example

  • If you’re name is John Rogers and you were born in 1976, “JohnRogers1976” would be a really bad idea for a password.

Generic password elements:

  • Number sequences like “123” or “54321”
  • Using generic words like “admin”, “administrator”, “pass”, “password”, “blue”, “house”…

These kind of elements are the first terms that are tried by hackers when attempting to brute force your password, so please avoid these too.

Example
Obviously, the password examples below are horrible passwords and NOT SECURE:

  • MattMullenweg2018
  • admin123

You should also avoid using the same password on multiple sites or accounts.

Keeping track of your passwords

Since complex passwords are a real necessity these days, it can be a real burden to remember every single password. And thus most people resort to using a password manager to keep track of their different passwords. These password managers actually become a vault for your passwords, secured by one complex master password. They also have functions to automatically (or on your command) enter the stored password for you. This way you only need to remember your one master password to access the password manager vault.

Popular password managers

Most password managers are a paid service, however if you’re looking for a free solution, you’d might want to check out KeePass.