As I am sure you are aware, the first Thursday of May is celebrated as World Password Day — be sure to order your cake in time and buy Gorilla Glue to seal the envelopes of the cards you will send out to friends and family to mark this joyous occasion. If you’d like to celebrate World Password Day another way, brush up on some best practices to help prevent you from being hacked with a few easy updates.
Sadly, as a WordPress developer, I am all too aware of the risks out there for websites and user accounts. The automated security attacks probing for website vulnerabilities start almost immediately after a site is launched. You might think that if you have a smaller website, or if you aren’t storing any sensitive information, that hackers would have no interest in your site. However, it is often the chance to harness your site’s resources for nefarious means that attracts hackers to small websites. Once in control of a website, these digital scoundrels can send out spam messages and set up malware and phishing pages, among other dark deeds.
Keep WordPress and plugins up-to-date
WordPress is wonderful. That is why we at Pulse Marketing use it almost exclusively to build our websites. It’s also why WordPress currently powers around 40% of all websites on the Internet. But having a large install thailand phone number list base also makes WordPress a larger target. After all, criminals know that they have a large pool of potential victims to prey on. Part of WordPress’s power and flexibility comes from a wonderful ecosystem of plugins available to extend sites running on WordPress, but a problem with all of this common code is that if a security vulnerability is found in a plugin, that vulnerability will be present on a large number of websites.
For these reasons, it’s important to keep WordPress itself and plugins up-to-date. At Pulse, we do monthly updates of all sites hosted on our servers and recommend you do the same. Furthermore, we monitor security issues in the WordPress community to more quickly address any updates issued for security holes. If you would like to keep tabs on WordPress and plugin vulnerabilities, I recommend following Wordfence’s blog.
Don’t Reuse Passwords
One of the simplest but most important things you can do to protect your sites and accounts is to avoid using the same passwords in multiple places. Obviously, a lot of people do this because it’s difficult to keep track of lots of different passwords for a myriad of online accounts, but the good news is that you don’t have to. I strongly recommend using your browser’s password management tools to generate and remember these randomly-created passwords. Beyond this, if you use one type of browser on both your desktop and mobile devices, it’s likely that you can sign into a single account that will store your passwords. For example, Google has a solution for their Chrome browser, Mozilla offers an account for Firefox, and Apple has their own password solution that works across their ecosystem.
If you would prefer a browser-agnostic solution, you can also explore dedicated password managers such as 1Password or LastPass. These tools offer browser extensions to fill in website credentials for you after providing a single master password. 1Password on iOS even integrates into the iPhone’s facial recognition to unlock your passwords.
The great thing about password managers is that they allow you to use a completely random password for each of your accounts. This way, if there is a security breach at, for example, an online retailer, you will just need to change your password for that one account. Hackers know that many passwords are reused, so if they get access to a user’s password from one place they can try it on other websites as well. By keeping your credentials unique, you reduce the chance that having any account hacked will lead to bigger problems down the road.
- Board index
- All times are UTC
- Delete cookies
- Contact us