The importance of a strong admin password seems well known – if not universally practiced – by most WP users. It seems less well known that the strong password rule applies equally to every account associated with administering my WP site. This includes my cPanel account, SFTP, CloudFlare, email, web host, and domain registrar. If I lock down my WP admin account but someone hacks into my cPanel, for example – game over.
There are various methods of generating a strong password, including …
- Use a password manager like LastPass or one of its competitors;
- Google “how to create a strong password and remember it”.
Whatever method I use to generate a password, I need to make sure …
- The password is strong, i.e. very difficult to guess;
- I can remember it, or else I have a secure way to remind myself what it is;
- I use a strong password on every account associated with administering my WP site, not just on my WP admin account.
Brute force login attacks – systematically trying all possible passwords – are rare. Dictionary attacks – using a list of common passwords like Qwerty and Letmein – are common. I want to be sure not to use any of the 500 most common passwords.
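As an added example (not part of the original post), the Python sketch below generates a random password and rejects candidates that a dictionary list would match, including variants with changed case, trailing digits, or simple character swaps. The function names and the four-entry `COMMON_SAMPLE` list are assumptions made for illustration; a real check would load a full common-password list from a file.

```python
import secrets
import string

# Constructed sample for illustration; load a full common-password list in practice.
COMMON_SAMPLE = {"qwerty", "letmein", "password", "123456"}

# Undo the simple character swaps people use to "disguise" a common word.
_SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw):
    """Return the forms of pw that a common-password list could match."""
    lowered = pw.lower()
    # "Qwerty123!" is still "qwerty" once the trailing decoration is removed.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered, stripped,
            lowered.translate(_SWAPS), stripped.translate(_SWAPS)}


def is_common(pw, common=COMMON_SAMPLE):
    """True if pw, or an obvious variant of it, appears in the list."""
    return any(form in common for form in normalize(pw))


def generate_password(length=20, common=COMMON_SAMPLE):
    """Build a password from the OS random source with all four character classes."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        has_all_classes = (any(c.islower() for c in pw)
                           and any(c.isupper() for c in pw)
                           and any(c.isdigit() for c in pw)
                           and any(not c.isalnum() for c in pw))
        if has_all_classes and not is_common(pw, common):
            return pw


if __name__ == "__main__":
    for candidate in ("Letmein", "Qwerty123!", "P@ssw0rd"):
        print(candidate, "-> common" if is_common(candidate) else "-> not in list")
    print("generated:", generate_password())
```

Passing the list check only shows that a password is not on that particular list; length and randomness are what make it hard to guess.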