You should pay more attention to your passwords. It is recommended that you have a specific password for each service, and not to share them. Use apps to help you with this.
A strong password protects your account, privacy, and prevents targeted or automated attacks. A weak password is the easiest way to compromise systems, including WordPress.
In targeted situations, the attacker will use social engineering to try to discover your password. You’re out of luck if they use obvious things like your date of birth, etc. In automated cases, password dictionaries are used to match users and validate each possibility. Every year we see super weak passwords becoming the most used.
The ingredients for brute force attacks
Access to the WordPress administration, like any restricted system, requires a username and password combination. A brute force attack is a very common practice that aims to guess access data through trial and error. There are several techniques to prevent attempts, but in the context of this article the best one is to not use the “admin” user and especially to have a strong password.
Everything is automated with the use of tools, dictionaries of commonly used passwords and common or discovered usernames. And when they find sites with the username combination “admin”, and other discovered ones, and weak passwords that are in their dictionaries, the results are gaining access to the administration of your site and freedom to party.
Do not use the “admin” user
Not using the “admin” user, commonly used in brute force attacks, is a good security practice and its removal can be done via the WP administrative interface, plugins or by changing the database.
The easiest way is via the administrative interface. Create a new user with the Administrator role. Log out and log in again with the new user you created. Delete the “admin” user. Transfer the content to the new user and you’re done.
Native platform features for security assistance
With each new version, new features have been made available to increase user security and help them manage their password. I still believe that new
Example of using a strong password and the WordPress password strength meter
The image above shows an example of the WP password level meter and the use of a strong password. The levels are weak, medium and strong. I would like the platform to natively not allow the use of a password if it is not strong.
The image below illustrates the remote logout option. A feature that allows you to close a session started elsewhere. It is very useful for those who have lost their computer, cell phone or used a public one.
All passwords are encrypted and the default can be unique for each installation. In the wp-config.php file there are PHP constants that store hashes that are used by the application in password and encryption processing.
WordPress.org provides an API that generates these codes through the secret-key service .
Two-factor authentication
Adding a second layer of authentication increases the platform’s security level by connecting your account to a mobile device. I’ll talk more about two-factor authentication in WordPress later. Below is a list of plugins that add this functionality. The order is alphabetical.
You, as a user, by simply choosing a username and password, contribute – or not – to making your WordPress installation more secure.
adimprovements need to be implemented.
Leave a Reply