Strong Passwords: Keeping Your Site Secure


One of the single most effective things you can do to keep your web site or other online accounts safe at the User layer is to have a strong password.

This past week, in one of the larger distributed brute force attacks against WordPress sites, over 90,000 IP addresses took part in login break-in attempts that cycled through usernames and passwords. According to CloudFlare, the hackers control about 100,000 bots. The scope encompassed every WordPress installation on the network.

Over the last few months, the attacks typically ranged from 30 to 40 thousand per day. This past week that number jumped to 77,000 per day.

The word went out from Hostgator, a popular hosting service, late Thursday night:

“At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).” (Hostgator)

I highlight this attack, which was a brute force dictionary attack, to make you aware of how important a strong password is, not just for WordPress sites, but for any web site, including social media accounts. Such attacks are gaining momentum. This attack was so exceptional in its scope that it also caught the notice of the Department of Homeland Security.

Here at Switched-On-Sites, we make it a practice to always use strong passwords on all client sites. We also worked through the night to make sure even those passwords were updated as a precaution. The hosting services we recommend have also taken precautions to ensure protection against this kind of attack on their end. But it's best to think of security protection in layers, and every layer needs to be protected against this kind of attack and others.

What is a Strong Password? As in the quote above, it's a password that follows these requirements. It contains:

  1. upper and lowercase letters
  2. at least 15 characters (why do I say 15? Because it is known that hacking software can currently break 14 characters)
  3. “special” characters (^%$#&@*)

So what does a typical Strong Password look like? The following is an example. Please DO NOT USE IT. IT IS ONLY AN EXAMPLE.

9##@[iX’[email protected](8s
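
As an added example that is not part of the original post, the three requirements above can be checked and satisfied programmatically. The function names, the default length of 20 and the choice to count any ASCII punctuation as "special" are assumptions made for this sketch.

```python
import secrets
import string

MIN_LENGTH = 15                 # the post's recommended minimum
SPECIALS = "^%$#&@*"            # the special characters the post lists
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def policy_failures(password):
    """Return the list of the post's rules that `password` does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    # Assumption: any ASCII punctuation counts as "special", not only the listed seven.
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until the result meets every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets.choice uses the operating system's CSPRNG, unlike random.choice.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("Summer2013!", "correcthorsebatterystaple", generate_password()):
        print(repr(sample), policy_failures(sample) or "meets the policy")
```

Generating the password and storing it in a password manager avoids the reuse and predictable patterns that dictionary attacks rely on.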


So if you are not yet using strong passwords, we strongly recommend that you start doing so immediately.
Want to know about other ways we can increase the security of your site against this and other kinds of malicious attacks? Please contact me and we can discuss a plan that will cover your needs. Stay safe out there!
