Make Sure You Use a Strong Password & Why Your Weak Password Can Be Guessed in Less Than One Second


In my webinars, I always get questions about security. It always seems like the people whose WordPress sites get hacked believe that it happened through some sort of unknown vulnerability that’s beyond their technical comprehension. Though it is true that outdated software does leave vulnerabilities open, in many of my observations, I found that these same users did not follow basic security protocols like using a strong password.

Here’s a real story: I had a client several years back whose website constantly got hacked. So they came to me for help. The name of their company was Sons X, where X represents what their business did, for example, Sons Window Cleaning or Sons Automotive. I omitted their full business name for their privacy. They were using a firewall (as should everyone) so they were confused as to how they were getting hacked more often than their peers.

After they began to work with me, I immediately found a red flag. Their admin credentials were:

Username: admin
Password: Sons

It doesn’t matter if you use a firewall that protects you against Brute Force attacks. A password this simple is bound to get cracked, which leads us to the meat of this article: You need to use a password that no one will guess and that will take a machine longer than your lifetime to crack.

What is a Brute Force Login Attack?

A brute force login attack is when an attacker guesses your password by trying one candidate after another until one works, for example “aaaa”, “aaab”, “aaac”, and so on through every combination.

The logic varies by attacker. Some try the most commonly used passwords like “password1” first. After all, it’s only a matter of probability. For example, let’s say that 5% of the US population uses the password “password1”. If a hacker obtains the usernames of 1,000 online bank accounts, he can expect to gain access to 5% of them, or 50 accounts, by definition. It’s not that difficult.

That is also why it’s the most popular way to hack into a WordPress site: it’s the most effective. And why is it the most effective? Because, sadly, a noticeable percentage of the population still does not use a strong password.

Why You Need to Use a Strong Password

If you do the math or use a password checker tool like the one from BetterBuys, you’ll see that the easiest passwords like “password1” would take less than a second for a computer to guess. Computer programs can attempt logins far faster than humans can, and they’re readily available to criminals for free.

But if you use a strong password of 16 or more characters that mixes uppercase and lowercase letters, digits and special characters, and contains no identifiable words, it would take a computer millions of years (mathematically) to try every possible combination until it arrived at yours. An example of a good password would be

v3,QL{^Jv"2_C`*\PN

which was generated using the Secure Password Generator.
