If you’ve been developing or hosting with WordPress for any significant amount of time, then you are probably aware that WordPress installations get attacked… a lot. These attacks range from exploiting plugin and theme vulnerabilities, to directory listing, to the most common form of attack: brute forcing users’ passwords. If you’re unfamiliar with the concept of brute force, it can be explained easily: it’s a hacker’s automated attempts to gain access to a user’s account by trying many candidate passwords against the login page. I say automated because, while in theory a person could attempt to brute force manually, it would take forever. Automated tools such as WPScan can try about 500 passwords in a minute. There are a number of reasons why a hacker would want to gain access to a WordPress installation, but that’s out of the scope of this article. Simply put… you need a password manager. I recommend Dashlane.
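To make that attack concrete, here is an added example (not code from the original post) that finds a password-guessing burst in web server access logs. It assumes Apache combined log format and relies on how the WordPress login page behaves: a failed POST to /wp-login.php is answered with 200 and the re-rendered form, a successful one with a 302 redirect to wp-admin. The log lines are constructed for the example, using documentation IP addresses; the 60-second window and the threshold of 20 failures are assumptions you would tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache combined log format: client IP, identd, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_wp_login(method, path, status):
    """A failed WordPress login is a POST to wp-login.php answered with 200 (the form is
    re-rendered with an error); a successful one is answered with a 302 redirect."""
    return method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200


def failed_login_bursts(lines, window_seconds=60, threshold=20):
    """Map each client IP to its peak number of failed logins inside any window of
    window_seconds, keeping only IPs at or above threshold. The check is purely
    behavioural: the User-Agent is ignored because an attacker sets it freely."""
    failures = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if is_failed_wp_login(method, path, status):
            failures[ip].append(ts)

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample_log():
    """Constructed log lines (not from the original post): 203.0.113.7 guesses 30
    passwords in six seconds, while 198.51.100.20 logs in normally once."""
    base = datetime(2016, 7, 8, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 2354 "-" "Mozilla/5.0"'

    def stamp(offset):
        return (base + offset).strftime("%d/%b/%Y:%H:%M:%S %z")

    lines = [fmt.format(ip="203.0.113.7", ts=stamp(timedelta(milliseconds=200 * i)),
                        method="POST", path="/wp-login.php", status=200)
             for i in range(30)]
    lines.append(fmt.format(ip="198.51.100.20", ts=stamp(timedelta(seconds=5)),
                            method="GET", path="/wp-login.php", status=200))
    lines.append(fmt.format(ip="198.51.100.20", ts=stamp(timedelta(seconds=9)),
                            method="POST", path="/wp-login.php", status=302))
    lines.append(fmt.format(ip="198.51.100.20", ts=stamp(timedelta(seconds=10)),
                            method="GET", path="/wp-admin/", status=200))
    return lines


if __name__ == "__main__":
    for ip, peak in failed_login_bursts(build_sample_log()).items():
        print(f"{ip}: {peak} failed wp-login.php POSTs within 60 s")
```

Run it against a real access log by replacing `build_sample_log()` with the file's lines; the single legitimate visitor is never flagged because a GET of the form and a 302 after a correct password are not counted as failures. Note that the same logic misses an attacker who spreads guesses across many IPs, so treat it as a first signal, not a complete defence.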
I Was So Young
In my early years of developing WordPress websites for my clients I was… how shall I say it… naive. The convenience of being able to log in to any of my clients’ websites with the same username and password just made sense. So if a site did get hacked, there was no real link between any two of them. How would the hacker ever be able to figure out that I made websites for both customer A and customer B? Well, here was the problem: I was hosting all of my clients’ websites on the same server, and it was my server. Determining my client list was very easy with tools like You Get Signal’s Reverse IP Domain Checker. A breach on one website would have been a breach on all websites.
Now there are lots of ways to secure a WordPress installation, but one of the easiest is to use a different username and a different complex password for every website you manage.
For example, in my early days a common username and password might have looked like this:
It wouldn’t be a simple password to crack by any means. But take a look at the difference now:
Even if someone knew how to guess my random username string, brute forcing such a password would take well over 100 years. Keep in mind that the username and password are different for every website. How do I keep track of all those passwords, you ask? This is where a good password manager comes into play. A password manager is invaluable to a WordPress developer or a web host.
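As an added example (not code from the original post), the following Python generates a distinct random username and password for each site, as recommended above, and puts numbers on the brute-force claim using the 500 guesses per minute rate quoted at the top of the post. The rate, the credential lengths and the site names are assumptions made for the example.

```python
import math
import secrets
import string

# Online guessing rate the post quotes for WPScan; an assumption for this example.
GUESSES_PER_MINUTE = 500
MINUTES_PER_YEAR = 60 * 24 * 365

# 52 letters + 10 digits + 32 punctuation characters = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_credential(length, alphabet=ALPHABET):
    """Random string drawn from the OS CSPRNG via `secrets`, never from `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_site_credentials(sites, username_len=12, password_len=24):
    """One independent (username, password) pair per site, so a breach of one
    site yields nothing that works against another."""
    return {site: (generate_credential(username_len), generate_credential(password_len))
            for site in sites}


def search_space(length, alphabet_size=len(ALPHABET)):
    """Number of candidates an attacker must try to exhaust a random credential."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    return length * math.log2(alphabet_size)


def minutes_to_exhaust(candidates, guesses_per_minute=GUESSES_PER_MINUTE):
    """Worst-case time to try every candidate at an online guessing rate."""
    return candidates / guesses_per_minute


def years_to_exhaust(candidates, guesses_per_minute=GUESSES_PER_MINUTE):
    return minutes_to_exhaust(candidates, guesses_per_minute) / MINUTES_PER_YEAR


if __name__ == "__main__":
    # Hypothetical client sites, constructed for the example.
    creds = generate_site_credentials(["clienta.example", "clientb.example"])
    for site, (user, pw) in creds.items():
        print(f"{site}: user={user} password={pw}")

    # A password taken from a 10,000-entry list of common passwords falls in minutes.
    print(f"10,000-word list: {minutes_to_exhaust(10_000):.0f} minutes")
    # Even a random 8-character lowercase password takes centuries at 500/min.
    print(f"8 lowercase chars: {years_to_exhaust(search_space(8, 26)):.0f} years")
    # A random 24-character password from the 94-symbol alphabet.
    print(f"24 random chars ({entropy_bits(24):.0f} bits): "
          f"{years_to_exhaust(search_space(24)):.2e} years")
```

The numbers show why reuse is the real problem: at 500 guesses a minute an attacker cannot exhaust even a short random password, but a password that appears in a common-password list, or one already stolen from another site you manage, is found in minutes or on the first try. Random, per-site credentials take both routes away.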
Which Password Manager Should You Use?
There are lots of options out there for password management, and I’ve tried several: 1Password, LastPass and my personal favorite, Dashlane. It’s the one I use on a regular basis.
With Dashlane all of the websites that I manage have different usernames and incredibly complex passwords. And the beautiful thing is that I don’t have to remember any of them. Upon visiting the admin panel of any website, Dashlane logs me in automatically. It also keeps passwords synced across multiple devices, and with a Safari extension for iOS, I can use Dashlane to log me in to websites even on my iPhone or iPad.
If you’ve never used a password manager before, I highly recommend Dashlane. And if you sign up using the link below, you’ll get $20 off your first purchase.
Have a password manager that you love? Let me know about it in the comments below.