5 Simple Rules for WordPress Login Security [infographics]


Securing a website is not as easy as it seems. There are too many factors to account for when securing it. Also, many things are not in your hands unless you are willing to spend good money on your hosting. And if they wanna hack, they will do that, no matter what you do. One important thing is to have WordPress login security by taking different measures. So, how do you secure the login page?

iThemes has published a few infographics regarding securing WordPress hosting. One of the infographics talks about securing the login for your WordPress website. They have mentioned 5 steps to be taken to secure WordPress hosting, but they have missed a couple of very important security steps in their infographics. I will mention those steps later.

The first measure is to create a strong password. Mostly it is advised to have a password of at least 8 characters including letters (upper and lower case), digits, and symbols. iThemes mentioned using a password at least 12 characters long. Looking at today’s technology, it is not enough. The minimum length of a password should be 16 characters. Never ever use password, 123, asdfghjkl, or similar types of passwords.

The other measure is to never use the same password on different accounts. Each account should have a unique password. If hackers get control of one account, they still have to work hard to hack the other accounts. A password manager tool like RoboForm, which is free, is very useful.

The third security step is to limit the login attempts. This is a very good measure against brute-force attacks.

Limiting the use of XML-RPC prevents most WordPress hacking. To understand more about XML-RPC, Wordfence has a good, short article here.

Two-factor authentication is becoming popular. The security step taken by Google is now being followed everywhere. There are different ways to do two-factor authentication, e.g. SMS, email, app-generated number, prompt on a mobile device, etc. You can google two-factor authentication services for your WordPress hosting.

So, what is missed in the iThemes infographics regarding WordPress secure login? They missed two very important steps: SSL and password change.

SSL (Secure Sockets Layer) creates an encrypted link between the server and the browser. The data travelling on that link is encrypted and is almost impossible to decrypt without knowing the private SSL key. Ask your host for an SSL certificate and its implementation.

Changing the password at regular intervals is always advised. It reduces the chances of the password being compromised, thus reducing the chance of WordPress being hacked.

