I had a question this week from one of my clients relating to website security. She wanted to know why strong usernames and passwords are important. What are the risks in leaving things as is? I share here the answer to her question.
Strong usernames and passwords are the website owner’s equivalent of good handwashing in healthcare. They are the first line of defense.
Just like none of us like to think about contracting a physical virus or bacteria, none of us like to think about our websites breaking because someone hacked in and injected a “malicious” string of code, sometimes known as a virus.
And the fact is that for now, there are people with nothing better to do than to break into your web home and inject malware, aka strings of code that essentially break your site or give the hacker control of the information, including sensitive user info. Sometimes it is bored and brilliant kids randomly playing around. Often it isn’t. Often it is ill-intentioned people focused on gaining access.
Almost everyone with a WordPress-powered site has a login URL that looks like this: yourdomainname.com/wp-admin. Add to that the most common username, “Admin” or “admin”. All that these people have to do is input that most common URL and the login page will come up. From there they input “admin” or “Admin” and play with passwords. There are digital robots that are designed just to do this …
Best case scenario, your site breaks, you pay to have it repaired and secured, and life goes on. Worst case scenario, your users’ private info is obtained and used in malicious ways and you have no idea that this is going on behind the scenes until your site breaks.
I have my site set up so that if someone tries to log in using “admin”, that IP address is blocked. They don’t get to keep playing in my pond. That is how important a strong username is to me. There is absolutely no reason for anyone to be logging in to my site(s) with that username.
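The rule described above, sketched as an added Python example (it is not this site's actual configuration or any plugin's code): a login attempt that uses “admin” in any capitalization bans the source IP, and every later attempt from that IP is refused no matter which username it tries. The `LoginGuard` class, the other usernames and the IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginGuard:
    """Hypothetical gate that runs before the normal password check."""
    # Assumption: the real administrator account uses a different name,
    # so nobody legitimate ever submits "admin".
    forbidden: set = field(default_factory=lambda: {"admin"})
    blocked_ips: set = field(default_factory=set)

    def check(self, ip: str, username: str) -> str:
        """Classify one login attempt as 'blocked', 'banned-now' or 'allowed'."""
        if ip in self.blocked_ips:
            return "blocked"              # already banned: refuse outright
        # Normalize so "Admin", "ADMIN" and " admin " all match.
        if username.strip().lower() in self.forbidden:
            self.blocked_ips.add(ip)
            return "banned-now"           # first use of the bait username
        return "allowed"                  # continue to the password check


# Constructed sample attempts (documentation-range IP addresses).
ATTEMPTS = [
    ("203.0.113.7", "Admin"),       # bot tries the default username
    ("203.0.113.7", "editor"),      # same bot switches username: still refused
    ("198.51.100.20", "maria.k"),   # ordinary user, unaffected
    ("203.0.113.9", " admin "),     # padded variant from another address
    ("198.51.100.20", "maria.k"),   # ordinary user again
]


def replay(attempts):
    """Run the attempts through a fresh guard; return decisions and bans."""
    guard = LoginGuard()
    decisions = [guard.check(ip, user) for ip, user in attempts]
    return decisions, guard.blocked_ips


if __name__ == "__main__":
    decisions, banned = replay(ATTEMPTS)
    for (ip, user), decision in zip(ATTEMPTS, decisions):
        print(f"{ip:15} {user!r:12} -> {decision}")
    print("banned:", sorted(banned))
```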
Strong usernames and passwords can feel like a complete PIA – waste of time … just like washing my hands after every. single. (freakin’). patient. contact. in the hospital. It takes time and when you are in a hurry, holy cow!!! Yes, even the no-rinse antibacterial hand wash.
I use a password storage system* that generates secure passwords. It eliminates the need to remember different passwords. I actually lost the password to this system before I understood how it worked and had to close the account out and start fresh … THAT was a learning experience. Out of it came a very strong password that I remember (and still check to make sure that I have it right) and a list of back-up one-time passwords just in case. It is a sinking “Oh s**t!” moment when you realize that you have to go in and change every single password you use.
Life lessons! I had major epiphanies and aha’s this week around this topic that I’ll probably share in another offering. For now, this:
Website security is like everything else. Have your first line of defense in place. Set things up to be as secure as reasonably possible, have a tentative plan for your worst-case scenario (whatever that looks like for you) and then, let it go. Doing this allows you to release any fear that you might have about the worst-case scenario and move forward with love.