How to Set Up Strong WordPress Passwords

WordPress 3.7 updated its password meter to recognize common mistakes that can weaken your password, such as dates, names, keyboard patterns (123456789), and even pop culture references. While this is a good start, we recently learned how to create a strong password by using one of the password management tools or an online tool like http://passwordsgenerator.net/.

Remember to use unique, strong passwords for all your WordPress accounts, such as your admin account, user account, and WordPress database user account. And of course you want to use WordPress’s secret key generator tool for the core configuration.

SpiderLabs Discovers 2 Million Stolen Accounts

Yesterday the Trustwave SpiderLabs crew posted about compromised accounts discovered through their investigation of the Pony Botnet. This is another great example of how one must protect their account information by having complex passwords for websites. And if you have the same password in multiple places, an attacker could easily pivot into those accounts as well.

Part of the analysis was a review of the most used passwords, and nearly 16000 accounts had the password “123456”! Other top passwords in use were “123456789”, “1234”, “password”, “admin” and other simple number patterns.
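
The following is an added example, not code from WordPress or from the original post: a local Python sketch that screens a password for the mistakes described above (the top passwords from the SpiderLabs analysis, digit-only strings, keyboard patterns, years) and generates a random one from the operating system's CSPRNG. The 16-character minimum, the symbol set, the keyboard rows and the function names are assumptions chosen for illustration.

```python
import re
import secrets
import string

# Passwords named in the SpiderLabs analysis quoted above.
TOP_PASSWORDS = {"123456", "123456789", "1234", "password", "admin"}
# Constructed sample of keyboard rows; a real meter uses a fuller layout map.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed symbol set for generated passwords.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
MIN_LENGTH = 16  # assumed minimum, not a WordPress setting


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def weaknesses(pw):
    """Return the reasons pw is weak; an empty list means it passed every check."""
    found = []
    if pw.lower() in TOP_PASSWORDS:
        found.append("top-used password")
    if len(pw) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    if pw.isdigit():
        found.append("digits only")
    if has_keyboard_run(pw):
        found.append("keyboard pattern")
    if re.search(r"(19|20)\d{2}", pw):
        found.append("looks like a year or date")
    return found


def generate_password(length=24):
    """Draw from the OS CSPRNG until the candidate passes every check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw


if __name__ == "__main__":
    print(generate_password())
```

Generating the password locally keeps it off the network; store the result in a password manager and use a different one for each account.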