Re-post from the blog
When it comes to website security, the weakest link is often as simple as the password you choose. Many people tend to reuse passwords across multiple accounts, which is a major security vulnerability. What’s more, that’s not the only mistake you can make when it comes to passwords.
In this article, we’re going to discuss some best practices when it comes to passwords. Then, we’ll talk about how to use applications to manage them more effectively. Finally, we’ll explain how to use these tools to secure your WordPress site.
Let’s talk security!
Why Password Security Is Essential
There are a lot of things you can do to protect your WordPress website. You can set up robust security plugins, whitelist the IP addresses that can access your site, change the URL of your login page, and more. However, the single most important (and easiest) thing you can do to protect your website is to use a secure password for your admin account.
Nearly every application or website that requires an account also lets you use a password to protect it. In theory, passwords are an elegant solution to a complex problem – how to prevent other people from accessing your accounts. However, in practice, passwords often leave a lot to be desired.
For example, a surprising number of people tend to reuse the same passwords across websites. This means that once someone gets their hands on your password, they might have access to your entire online presence. Moreover, a lot of websites play fast and loose when it comes to protecting your data. Password breaches happen all the time, and even popular sites can make mistakes.
Overall, it’s not wise to trust all websites to protect your information. With that in mind, it’s up to you to follow password security best practices for protecting your accounts.
Key tips for using passwords safely:
- Use a unique password for each account. This ensures that even if one of your passwords gets stolen, your other accounts will be safe.
- Opt for long passwords that include multiple words. The longer your passwords are, the more difficultthey are to crack.
- Don’t use personal information in your passwords. Some examples of this include using relatives’ names, birth dates, nicknames, and more. If someone can guess your password just by knowing you, then it’s not a good deterrent.
Let’s be honest – most of us have heard these recommendations before. However, a lot of people don’t follow them until they have a security scare involving their accounts. Remembering complex passwords for each account can be a hassle, so we end up making compromises.
Fortunately, technology offers us ways to store this information safely, without having to jot down passwords on post-it notes. Using a password manager provides you with a simple way to store all your login credentials in a secure environment. Let’s talk about how these tools work.
An Introduction to Password Managers
Password managers are applications that enable you to store your passwords securely. They do this by encrypting your information, and preventing anyone but you from accessing it.
In some cases, you’ll need to use a master password to access your stored credentials. A lot of password managers also enable you to access them using your fingerprint on mobile devices, which adds an extra layer of security. The key functionality of password managers is to ensure that only you can access the credentials you store. Often, this includes restricting your passwords to authorized devices.
It might seem counterintuitive to store all your passwords together. However, these managers are much more secure than post-it notes, as well as incredibly convenient. Plus, they contain plenty of useful functionality.
Key features of a modern password manager:
- Password generation functionality. Along with enabling you to store passwords safely, these applications can also help you generate unique credentials for each site.
- The ability to sync passwords across multiple devices. This enables you to access your accounts on all your personal computers and mobile devices, so you’re not tied to a single location.
- Autofill functionality. In a lot of cases, password managers can recognize login forms and fill them in for you.
- Warnings if you repeat passwords. Using the same password across multiple websites defeats the point of using a manager. Therefore, these tools will often warn you when you’re about to reuse a password.
- Reminders to change your passwords regularly. Even secure passwords should be updated from time to time. This way, you minimize the risk of breaches even further.
Password managers are fantastic tools in most respects, but they’re not without downsides. For example, if someone gains access to your primary account, they may be able to get all the passwords you’ve stored within the application. However, if someone steals your personal devices, you’ll probably have more significant security issues to deal with.
Overall, the main selling point of password managers is convenience. Theoretically, you could memorize different passwords for each account you own. Let’s be honest, though – hardly anyone is going to do that. Password managers enable you to offload all that work and access your accounts seamlessly. For that reason alone, they’re useful for just about anyone. Plus, you have some quality options to choose from, even if you’re on a tight budget.
2 Top Password Managers for All Platforms
There are a lot of password manager solutions to choose from, for every platform you can imagine. However, we’ve narrowed down the options to two applications that are both easy to use and budget-friendly. Let’s introduce each one in turn.
1. KeePass
Like WordPress, KeePass is an open-source application. It looks very basic, but it’s the best option if you’re looking for an extendable password manager.
Unlike other solutions, KeePass doesn’t automatically sync your passwords across devices. It stores them locally in an encrypted file, which you can copy over to other computers. For that reason, it requires a bit more work to use on your end. Putting that aside, however, KeePass is by far the most extendable password manager we’ve used. Its open-source nature means that you can extend the application’s functionality using plugins, and there are a lot of great options to choose from.
As a WordPress user, you’ll probably feel right at home installing plugins to add new functionality to KeePass. With the right features set up, this password manager has no reason to envy other, sleeker-looking applications.
Key Features:
- Stores your passwords locally using an encrypted file.
- Lets you use any of the application’s many ports, if you want access to additional features.
- Offers many plugins that expand the application’s functionality.
- Enables you to share password databases with multiple users.
Price: Free | More Information
2. LastPass
LastPass is an excellent option if you’re looking for a password manager that’s both sleek and user-friendly. You can set it up on all major browsers and OSs. Plus, this application will seamlessly sync your passwords across all of your installations.
What’s more, LastPass also enables you to protect your master account using Two-Factor Authentication (2FA). It warns you if you’re reusing passwords, and it can even alert you if one of the websites you use has been hacked. That way, you can change your password immediately.
While LastPass can help you generate passwords, it also enables you to audit ones you come up with on your own. In either case, creating new passwords with LastPass is very simple. If you’re using a browser extension, this tool can easily recognize when you create a new account or update your credentials. Then, it helps you store the new passwords.
As far as the mobile experience goes, LastPass’ iOS application feels a bit more polished than its Android counterpart. However, both versions of the app do their job well.
Key Features:
- Helps you store your passwords and sync them across devices.
- Protects your master account using 2FA.
- Enables you to monitor your account’s security and audit your passwords.
- Automatically detects when you create or update an account on the web.
Price: Free and premium plans available | More Information
How to Use a Password Manager to Secure Your WordPress Website
Along with safeguarding your personal accounts, there are two main ways using a password manager can help protect your website. The first is by enabling you to secure your web hosting account. After all, if someone gains access to that account, they could enter your site or even delete it altogether.
Regardless of the hosting provider you use, your account’s password needs to be unique and complex. Using a password manager can help you in both instances. We recommend that you generate a new password now, and change your hosting account’s credentials:
Moreover, it’s also a smart idea to set up a schedule for updating your most sensitive passwords. That way, even if there’s a password breach, your accounts will remain secure.
As far as WordPress itself goes, you need to make sure that any accounts with administrator privileges are using hard-to-crack passwords. In most cases, there should only be one account with that level of access (yours). If you’ve already set up a password manager, go ahead and generate a new set of credentials for your account right now:
It’s also a good idea to talk to your website’s contributors about using secure credentials. You can even recommend that they try out the password manger tools we’ve introduced!
Conclusion
There are a lot of things you can do to protect your WordPress website. For instance, hardening the passwords you use for your admin and hosting accounts is one of the best ways to ensure that no one else gets in. If you can remember long, complex passwords without writing them down, then you already have what you need. However, we suggest using a password manager instead, since these tools are much easier to deal with.
If you’re not sure what password manager to use, here are two of our favorite solutions:
- KeePass: This is a powerful and open-source password manager, which can be extended using plugins.
- LastPass: This tool comes in both free and premium versions, and it mixes a lot of features with an easy-to-use interface.