One of the best new features in WordPress 4.3 is the addition of strong passwords by default.
Why is this important?
How does this affect new users?
What should you do if you already have a user profile?
A Quick Overview of Passwords
Website security is always going to be a concern, no matter what platform you’re using.
WordPress is currently powering one out of every four websites (which is pretty damn impressive, when you think about it). This makes WordPress an attractive target for malicious hackers.
One of the easiest ways for a bad guy to get into your site is to exploit a weak password.
The fact is that most normal people have a fairly weak password. Check out this extensive analysis of ten million user passwords, and you’ll quickly realize how serious an issue this can be.
In an automated brute force attack, a hacker bot simply tries to guess your password by running through a list of known passwords, dictionary words, common keyboard patterns, and even long quotes found online. Even the “leet speak” method of substituting numbers for letters is not as effective against a brute force attack as people might believe.
Whenever a large website has a database breach (and this happens with increasing regularity), all the passwords in that breach are dumped into future password-cracking databases, or pasted online for malicious hackers to use.
The online tool Have I Been Pwned? can tell you whether one of your email addresses was involved in a database breach at a third-party site.
This is why it is important to have strong passwords that you do not reuse over and over again on multiple sites.
Strong Passwords Improve Security Substantially
All passwords have what is called “password entropy”. Simply put, this is a measure of how unpredictable your password is: the higher the entropy, the more time it takes a computer to run through all the possible alphabetic, numeric, and symbolic combinations before it cracks your password.
For most users, this password entropy is still dangerously low.
Password entropy is why many sites require you to use uppercase and lowercase letters, symbols, or numbers in your passwords. The longer and more unpredictable a password is, the harder it will be to crack.
It’s important to note that simply having a long password is less effective if it is made up of common, easy-to-guess words.
Common words and numbers that are easy for you to remember also make it much easier for a bad guy to guess or crack.
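To make the difference concrete, here is an added example (not part of the original article and not WordPress code) that compares two entropy estimates for the same password: one that assumes every character was chosen at random, and one that first undoes leet-speak substitutions and looks for common words. The word list is a small constructed sample, and the 100,000-entry list size and the 2-bit allowance for case and substitution variants are assumptions of this rough model.

```python
import math
import secrets
import string

# Constructed sample; a real checker would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "monkey", "dragon",
                "qwerty", "sunshine", "welcome", "football"}
ASSUMED_LIST_SIZE = 100_000  # assumption: entries in a guesser's wordlist
LEET = str.maketrans("013457@$", "oleastas")  # undo common substitutions
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    # Non-ASCII characters are ignored in this sketch; "or 1" avoids log2(0).
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password)) or 1


def charset_bits(password):
    """Entropy in bits if every character had been picked at random."""
    return len(password) * math.log2(pool_size(password)) if password else 0.0


def segment(text):
    """Split text into the fewest tokens: common words or single characters."""
    best = [[]]
    for i in range(1, len(text) + 1):
        cand = best[i - 1] + [text[i - 1]]
        for word in COMMON_WORDS:
            if text.endswith(word, 0, i) and len(best[i - len(word)]) + 1 < len(cand):
                cand = best[i - len(word)] + [word]
        best.append(cand)
    return best[-1]


def estimated_bits(password):
    """Dictionary-aware estimate: a common word costs one wordlist lookup
    plus 2 bits for case and substitution variants, not its full length."""
    if not password:
        return 0.0
    char_bits = math.log2(pool_size(password))
    word_bits = math.log2(ASSUMED_LIST_SIZE) + 2
    tokens = segment(password.lower().translate(LEET))
    return sum(min(word_bits, len(t) * char_bits) if t in COMMON_WORDS
               else char_bits for t in tokens)


def generate_password(length=24):
    """Random password from the OS CSPRNG over the full 94-character alphabet."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```

For the 17-character password P@ssw0rdSunshine1, the random-character estimate is about 111 bits, while the dictionary-aware estimate is about 44 bits, because the password reduces to two common words and one extra character.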
Here’s where the new strong password feature in WordPress comes into play.
Strong Passwords In WordPress
New sites running WordPress 4.3 or later will assign you an auto-generated strong password when you first install a site or sign up. While you always have the option to change this later, keeping the strong password makes it significantly more difficult to crack.
This is all well and good for new users. But what if you already have a WordPress site? How do you change your password entropy to keep malicious hackers out?
You can log in and go to Users > Your Profile, and from there, scroll to the bottom of the page.
Find the section called Account Management. You should see a button next to New Password that says Generate Password. Click that button.
WordPress will generate a new strong password for you. To save this auto-generated password, scroll to the very bottom of your profile page, and click Update Profile.
Make sure you keep this new password in a safe place.
Strong Passwords Are A Step In The Right Direction
While no website is 100% un-hackable, you shouldn’t make it easy for bad guys to access your site.
Strong passwords require a little extra effort to keep track of, but it’s worth the small effort to keep your website that much safer.