How To Create Passwords For WordPress: Complicated Password Generators, Base-Word Phrasing, Other Best Practices

Posted on | Updated:

If you’re in any way vigilant about online security, you undoubtedly have a different, complicated password for every protected online resource that you use. Also, because you’re vigilant, you might sometimes have trouble remembering passwords. Passwords are a pain but strong passwords are also a necessary means of defense against hackers who won’t stop at anything to gain access to your accounts, including WordPress.

It’s worth the time and effort to keep hackers off balance with smart, strong passwords that (hopefully) you can still remember. Hackers excel at exploiting weaknesses, and they have the time and the tools to keep hacking away. For example, one such method of attack is brute force hacking: They try to overpower your defenses, attempting combinations of usernames and passwords with software that recombines English dictionary words with thousands of variations.

Don’t let hackers take control of your WordPress site with a dictionary. You need to prepare for their brute force tactics. Here’s how you can do it:

Avoid “admin”

This one is simple: avoid the default “admin” name. Hackers will always try using “admin.” Also, don’t use common names or even your website name as the username. As tempting as it is to think a hacker won’t be able to spell your difficult last name, he can always cut and paste it from another source. Older installations of WordPress set “admin” as the username, but all usernames can be changed. You can change a username in the WordPress database by editing values, but if you don’t know how to do that, or don’t know how to access the database, consider trying the WordPress plugin Username Changer.

Employ Complicated Characters for Strong Passwords

Make things difficult and use complicated passwords: a combination of letters, numbers, and characters. Don’t select a password that approximates your username, site name, or a simple, common word or phrase that is easy to remember. To keep your password complex but unforgettable to you, consider using a phonetic password generator.

Use Base-word Phrasing

The easiest way to create a complicated WordPress password that’s memorable to you is to start with a base-word phrase. For example, take the old saying “don’t take wooden nickels” and abbreviate it: “dtwn”. Then, because passwords are stronger at longer lengths, add more characters – as many as 15 of them – by using another phrase you can remember. For this example, add “dadsays” – after all, your dad probably once warned you not to be tricked. Lastly, swap in non-alphabetic and uppercase characters. Your final harder-to-crack password here is: “dtwn@DadSays”.

Change Passwords Often

Don’t think you’ve got it made simply by setting a complicated password only once. In time, that password will be vulnerable. Frequently rotate and change your strong passwords. It’s time-consuming but worth it by keeping brute force hackers at bay. When a month or so has passed, clip a phrase from your current WordPress password (for example, the good ol’ “DadSays” part) and combine it with the second half of another website’s password, moving one of that site’s password half-phrases to your WordPress site. Your new WordPress password could be “dTwN#mOmSays”.

Limit Login Attempts

Abiding by the following password tips should strengthen your WordPress defenses. But it wouldn’t hurt to limit the number of login attempts hackers can make. The plugin WP Limit Login Attempts receives strong reviews on If activated, a login limit will lockout a hacker if he enters the wrong password more than the number of times you set in your WP admin panel.
The above password best practices will help you further secure your WordPress site. Granted, thorough password protection isn’t a quick task but it’s worth the time and effort to keep hackers off their game and safeguard your WordPress site.

Want WordPress without the hassle? Check out WordPress Without Limits, a managed WordPress solution, with one-click staging, one-click backup restoration, automatic updates, automatic backups, and free SSL.

Tagged with: ,

Want more news and updates like this straight to your inbox?

Keep up to date with the latest​ ​Hosting news.