Posts

Password Security Is NOT Optional

If you own a website, there is a good chance someone is trying to hack it right now. Forget a website … if you simply own a computer that is connected to the Internet, you are probably being targeted. Is this some kind of conspiracy-theory-driven fear tactic designed to sell security software? No. Sadly, this is pure anecdotal evidence from the last 30 minutes or so.

One of my websites is powered by WordPress. To beef up security, I use a plugin called Wordfence. I got an email alert from Wordfence that my actual administrative username had been locked after 20 failed login attempts. Of course, I hadn’t tried to log in at all today, so I knew it was a potential attack. Sure enough, I was locked out of the site. But the site was secure. The hacker tried to get in but was met with a strong password (thank you, LastPass).

Wordfence has an intriguing feature called Live Traffic that allows you to see the IP addresses of any users or search bots that have recently accessed the site. I was curious to see the attempted login activity and was shocked to see that there were multiple login attempts from nonexistent admin-sounding usernames. I checked another site I manage and found a similar thing there.

I’m not scared, and neither should you be. But one reason I’m not scared is that my passwords look sorta like this:

j&4%”kshgHfgoO0wbh&$#Ondu6%$3h

And yours should too.

Learn the security options available to you for your website and/or your computer. Stay smart and prevent hackers from even attempting to access anything. But if all that fails and a hacker is knocking on the door, make sure you have a strong password. Use a service like LastPass.

If you use good security practices, you don’t have to worry about global, distributed brute-force attacks like this.