Hackers, and I’m not talking about the ethical kind, have developed many password hack tools that can easily get at your personal data. The main thing standing between your information staying safe and leaking out is the password you choose.
One of the simplest ways to gain access to your information is a Brute Force Attack, in which a hacker uses specially written software to attempt, over and over, to log into a site using your credentials. This has been an ongoing problem with WordPress blogs, regardless of what version you have. There’s a WordPress plug-in called Login LockDown which prevents brute force password discovery.
Making your password at least 8 characters long will actually deter most hackers. It’s recommended that you use a combination of numbers, uppercase characters and at least one special character.
You should never use a password such as:
- Your partner, child, or pet’s name
- The last 4 digits of your social security number
- 123 or 1234 or 123456
- qwerty
- “password”
These are just a few passwords you should never use. It’s important not to use any password that can be easily guessed. This should be common sense.
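The rules above turned into a checker, as an added example that is not part of the original post: it enforces the length and character-mix advice and also rejects the listed passwords and personal details, which a character-mix check alone would let through (for example `Password1!`). The function name and the `personal_names` and `ssn_last4` parameters are assumptions made for illustration.

```python
import re

# Deny list taken from the article's "never use" examples.
COMMON_PASSWORDS = {"123", "1234", "123456", "qwerty", "password"}
MIN_LENGTH = 8  # the article's minimum


def _normalize(text):
    """Lowercase and drop non-alphanumerics so 'Re-x' and 'rex' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal_names=(), ssn_last4=None):
    """Return a list of rule violations; an empty list means the password passes.

    personal_names and ssn_last4 are hypothetical inputs a signup form
    could supply (partner, child or pet names; last 4 SSN digits).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase character")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    flat = _normalize(password)
    # Strip leading/trailing digits so "Password1!" still matches "password".
    core = flat.strip("0123456789")
    if flat in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    for name in personal_names:
        n = _normalize(name)
        if len(n) >= 3 and n in flat:
            problems.append("contains a personal name")
            break
    if ssn_last4 and ssn_last4 in password:
        problems.append("contains last 4 digits of SSN")
    return problems
```
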
Hi Frank,
Thanks for sharing this. My website had just been hacked 2 weeks ago. I had been looking for plugins so that I am able to safeguard my site from getting hacked again. I will install Login lockdown right away.
Strong passwords are really important, and I really think passwords should be changed as frequently as possible.
Andrew,
Good point. I change my passwords every 3 months and I do have about 12 different sites that I manage.
I totally agree with you. Your perspective is very interesting and I think that your article is relevant.
Expecting the next article, very informative as usual I hope
Strong passwords are really important.
I am in the habit of not using save password on my Firefox for the ‘main’ email account and other than that I also have a strong password that came out of nowhere.. not that strong – But damn, brute force hacking sucks!
Rockstar,
That’s a smart move to never allow Firefox to save passwords.
I’m thinking of getting the LockDown tool, my husband was suggesting it a couple of days ago and now I’m more confirmed it’s a must. Memorizing a lengthy password is tough but ensures security. Sid has a good point and I tend to follow that habit as well.
@wchingya
Social/Blogging Tracker
Ching,
I have it installed on two blogs along with other security plug-ins and so far, so good.
I use user locker in my blog and it has already prevented dictionary attacks 4 times. Though after I deleted the default admin user I don’t see any attacks, I still use that plugin as it doesn’t do any harm. I have a set of passwords in my mind and I use them randomly when I really feel a need of registration.
Arafat,
That’s a good tip – removing the admin user as this is set by default.
Please help me.. I just wanted to know if there is a chance that I can remove this virus on my own.. as I have experienced, I can no longer open “regedit” or “msconfig” either
orcel,
This is not a virus, but more of an informational article only. Have you downloaded any programs lately like Security Tool Virus?
What other security plugins do you like? I get a sense of security from WP Firewall. It sends me an email if anyone/anything not whitelisted tries to make changes to sensitive areas such as my passwords or template files. I also get notice of attacks.
Elizabeth,
I use WP-LockDown, WP-Security Scan and WP-Exploit Scanner.
I think WP Stealth Login + WP-LockDown might lower the brute force password to a minimum.
Since WP Stealth Login can change your login page to another custom login address, it’s very hard for a hacker to trace your login page.
Even if they know your login page, WP-LockDown will act as a second WordPress security to shut them down.
km,
WP-LockDown is a good program with lots of options, I use it today.
I heard Prottemac Logintrap is a nice prog for identity protection
If you’re using something as popular as WordPress I would rename your login page, they can’t do anything if they don’t know where to do it.
Tony,
Also, changing the WP-admin name works best.