WordPress password security is more important than it’s given credit for. Just ask anyone who’s had their website hacked. Hackers can turn access to your website into money in their pockets and damage your online reputation at the same time.
WordPress Password Security is Your First Line of Defense
Here is an interesting video illustrating a dictionary attack on a WordPress site. A 14 character password with letters and numbers is cracked in mere seconds because it was comprised of two words and numbers and symbols commonly used to replace certain letters in passwords. I am including the link to emphasize the importance of enforcing the use of long random passwords in any organization.
http://www.youtube.com/watch?v=rLZ98tRJKfY&feature=youtu.be&t=43m30s
LastPass and 1Password both come highly recommended and Apple has implemented iCloud Keychain as a part of its cloud offering. I use KeePass in DropBox myself.
Case Study
This past year I had the pleasure of removing hackers from the website of a large organization. Their website had been injected with BlackHat SEO SPAM known as the Pharma Hack. While the organization was depending on website sales to generate revenue, their customers were seeing links to purchase pharmaceuticals. I found that the client thought they were using strong password techniques but were actually using a technique for creating passwords that is susceptible to the dictionary attack demonstrated in the YouTube video mentioned above.
Not Just For WordPress
Having a good password policy is always a good idea and WordPress is not the only CMS that attackers have compromised. I recommend using a cloud based encrypted password database to all of my customers, for convenience and security. Contact BCCS Computer Systems if we may be of assistance with your WordPress password security concerns.
For More Information
http://ithemes.com/2014/02/18/wordpress-password-security-protect-site-life/