Responding to the WordPress “Critical Security Release”
We’ve been doing some spring cleaning!
In response to WordPress’ proactive approach to a potential security conflict, we’ve taken the initiative to update and strengthen our login passwords to all our WordPress sites.
Why Change Your WordPress Password?
It’s a good idea to change your password at least once a year, and spring cleaning is a great time to do that!
Remember, no matter how secure your site is, if your WordPress password isn’t secure, your WordPress site is vulnerable.
What’s a Good WordPress Password?
Hackers sometimes use brute force techniques to attempt millions of password combinations—quickly. So to keep hackers from guessing your WordPress site’s password, follow these guidelines:
- Keep your password unique; do not use passwords that you have for other accounts
- Don’t use any of the most common passwords like “123456789” or “superman”
- Avoid real words and phrases (Hackers use tools like dictionaries, Wikipedia, the Gutenberg Project, and even YouTube to collect common phrases, quotes, and slang that have become common passwords.)
- Use eight or more characters, since shorter passwords are easier to guess/hack
- Use weird ch@r@c+er$ to help spice up your passwords (like !, &, and ^)
- If you get password writing block, delegate the work to Norton’s free password generating tool
- Don’t use the general “admin” username (which most our clients don’t!)
WordPress Security is Important
Quality passwords are only one part of site security. This week, our team also performed all outstanding updates to the website software and to the plugins within our sites, ensuring that the WordPress sites we manage are up to date and protected.
— Reify Media (@ReifyMedia) April 28, 2015