Hacking and data breaches have been in the news for several years. At this point, things just continue to escalate – breaches become more devastating, and more people find that their personal and financial information has been compromised. An important part of your protection is using secure passwords – but what is that exactly?
Website owners find that their data has been stolen or corrupted. WordPress websites are not impossible to hack and can be the subject of other forms of attacks. Using the right password and username security tactics can have a major impact on how vulnerable your site is to these attacks.
Why Are Secure Passwords So Crucial?
While Hollywood might like to make it seem as though there are tons of ways to gain entry to a company’s data (and website), the truth is that the vast majority of attacks succeed because of compromised login credentials – a username and password.
There are only a few ways that attackers can gain access to this information, as well. One is a phishing attack, in which you unknowingly give the attacker your information.
The other is low-strength login credentials that can be guessed by attackers and/or hacking software. As such, protecting your credentials is absolutely vital to WordPress security.
Usernames and What You Need to Know
First, and most importantly, make sure that you change all usernames from the default. Admin should never be used. Come up with something stronger, as attackers find this one just too tempting to pass up.
Newer versions of WordPress don’t automatically default to “admin”, but some people change their accounts to that anyway. Avoid that.
It also makes sense to have two separate accounts – one for all of the administrative things you’ll need to do, and another for anything that you need to publish.
If you do publish anything, your username is shown. That’s bad news for admins who are trying to keep their login information on the down-low.
So, what makes a good username? Really, almost anything other than admin will work here, but the harder to guess, the better. Avoid using any name that could be tied to you in person in the real world, to your family members, or anything else that a hacker could discover by simply connecting the dots.
The Right Password
Now that we’ve discussed your username, it’s time to turn our attention to what is (arguably) an even more important consideration – the password you use.
If an attacker somehow manages to crack your username, which is relatively easy even with something other than “admin”, they must still discover your password.
Sadly, too many people use simple, easy to guess passwords. Some of the most commonly used passwords (or should that be abused?) in recent years include the following:
Obviously, these are off limits. What should you choose, though?
Tips for having a secure password
Length of your password
One important consideration is the length of the password that you choose. The longer, the better. All the passwords above are pretty short, and most experts today recommend at least 15 characters.
Using Special Characters in your password
Speaking of characters, avoid using just numbers or letters. Mix things up. Combine uppercase and lowercase letters with numbers and even special characters like & and * to create stronger passwords. However, avoid going with so-called leetspeak characters, like l33t and the like.
Multiple Words in your password
Many people use a single word as their password – monkey, or king, for instance. However, those are also pretty easy to guess. Instead, combine multiple words with numbers and other characters to improve their strength.
The point here is to avoid so-called dictionary attacks, where a hacker or hacking software runs commonly used passwords and single words to find weak accounts.
Create a Sentence for your password
If you really want to up your password game, consider taking an entire sentence and turning it into a password through abbreviation.
For instance, suppose you were to use the old saw, “The rain in Spain falls mainly on the plain”. That would be transformed into ThRaInSpFaMaOnThPl. Now, combine that with numbers and you have something that will be proof against most hacking attempts.
Change Your Password Regularly
A good password is wonderful, but it cannot be used forever. How long have you been using your current password or set of passwords? Chances are good that it’s been several months, maybe a year. Some people use the same password(s) for years at a time. You need to make sure to change your password regularly – say, every three months.
Don’t Use the Same Password in Other Places
Never, ever, use the same password to secure your WordPress login as you do anywhere else. In fact, you really should never use the same password twice in the first place.
Create a new password for every site. You should also make sure that each one is not derived from your other passwords. For instance, you should not use password1 with one site and password2 with another site. It's too easy for hackers to guess if they get their hands on your credentials for one site.
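The rules above (no "admin" username, at least 15 characters, mixed character types, no single dictionary word even in leetspeak, the sentence abbreviation, and no password1/password2 style reuse) can be checked automatically. The following is an added example, not code from the original article or from WordPress; the function names and the tiny word list are hypothetical and constructed for illustration.

```python
import re

MIN_LENGTH = 15  # minimum length recommended in the article
# Constructed sample list (assumption); a real check would load a large wordlist.
COMMON_WORDS = {"monkey", "king", "password", "admin", "leet"}
LEET = str.maketrans("013457@$", "oieastas")  # undo common leetspeak swaps

def abbreviate(sentence, take=2):
    """Sentence method: first `take` letters of each word, capitalised."""
    words = re.findall(r"[A-Za-z]+", sentence)
    return "".join(w[:take].capitalize() for w in words)

def stem(password):
    """Lower-case and drop trailing digits/symbols (password1 -> password)."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def normalise(password):
    """Stem, reverse leetspeak, keep letters only (M0nk3y! -> monkey)."""
    return re.sub(r"[^a-z]", "", stem(password).translate(LEET))

def is_derivative(candidate, other):
    """True when two passwords differ only in their trailing digits/symbols."""
    return stem(candidate) != "" and stem(candidate) == stem(other)

def audit(username, password, existing_passwords=()):
    """Return the list of rules broken; an empty list means all rules pass."""
    problems = []
    if username.lower() == "admin":
        problems.append("username is the default 'admin'")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("needs upper, lower, digit and special characters")
    if normalise(password) in COMMON_WORDS:
        problems.append("single dictionary word, possibly in leetspeak")
    if any(is_derivative(password, old) for old in existing_passwords):
        problems.append("derived from a password used elsewhere")
    return problems

if __name__ == "__main__":
    strong = abbreviate("The rain in Spain falls mainly on the plain") + "&47"
    print(audit("admin", "M0nk3y!"))
    print(audit("site-editor-7", strong))
```
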
Get a Password Manager
Given the complexity involved with good password hygiene and creating strong passwords, it can be impossible to remember them. And, of course, you should never, ever, ever write down your passwords.
So, what are you to do? A decent password manager can help. Even the built-in keyword tool and Chrome’s password saving feature may be enough.
The point is that you need a way to store and access those complex, convoluted, frequently-changed passwords without taxing your brain.
It is impossible to have good password management if you try to do it by writing down passwords in a text file – you should check out our tips on how to have good security by managing your passwords properly.
In the end, securing your WordPress site begins with login credential security. A good username combined with a strong, frequently changed, secure password is one of your best defenses against hackers and other attacks. Of course, that's not all you should do in the way of security practices, but it's at least a place to start.