Your WordPress website is your treasure. You keep your treasure in a safe, locked away from others. The combination to the safe is something only you know, and it is the one thing needed to open the safe and get to your treasure. It’s in your best interest that the combination is almost impossible to guess, even if thieves find your safe and try to open it. They can try to crack the combination, but in vain.
Security on the web is a very vague subject today. Companies invest most of their resources into security in order to make their services as protected as possible. Everything seems bulletproof until something bad happens. We’ve seen it happen dozens of times across the web, even to giants. My guess is that it happens to everybody – it’s just that a large percentage of companies are able to patch things up silently before anybody finds out.
The most recent example is what happened to WP Engine. WP Engine is a great company and I met some of the folks that work there at WordCamp Europe in Seville. Awesome people, awesome company, awesome hosting provider – that’s all I can say really! However, in the light of recent events, security breaches can indeed happen to everybody. The good folks from WP Engine transparently shared the breach information with their users via an article at wpengine.com /support/infosec/ (removed the link because it’s not working at this time I’m editing the article) and asked them for help as a matter of precaution. When things go south a bit, it’s best to always remain transparent.
One of the security best practices that every serious web service recommends is to choose a strong password. I suggest going through the article below from WordPress.com, as it provides some great info on this subject:
A quote from the aforementioned article:
The latest and most effective types of password attacks can attempt up to 350 billion guesses per second, and that number will no doubt increase significantly over the next few years.
Spooky, right? This is why your password has to be strong. It is also a very good practice to change your WordPress password frequently. The following text will demonstrate how you can accomplish this in a matter of minutes.
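To put the quoted rate of 350 billion guesses per second in perspective, the sketch below estimates how long an exhaustive search of the whole keyspace would take for passwords of different lengths and character sets. It is an added example, not part of the original article; the sample passwords are constructed, and the estimate assumes a uniformly random password, so it is an upper bound that human-chosen passwords do not reach.

```python
import string

GUESSES_PER_SECOND = 350e9  # rate quoted in the article above
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)  # 26 + 26 + 10 + 32 = 94


def alphabet_size(password):
    """Symbols an attacker must cover: every pool the password draws from."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four pools (spaces, non-ASCII) count individually.
    return size + len({c for c in password if not any(c in p for p in POOLS)})


def exhaustive_search_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of `length` symbols.

    Assumption: the password is uniformly random. Human-chosen passwords
    fall to dictionary and pattern guessing far sooner than this bound.
    """
    return alphabet ** length / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("sunshine", "Sunsh1ne", "Sun$h1ne", "k#9Lq!2vXz@7Rm$w"):
        n = alphabet_size(pw)
        t = exhaustive_search_seconds(len(pw), n)
        print(f"{pw!r:22} length={len(pw):2} alphabet={n:2} -> {humanize(t)}")
```

Adding a character class to an 8-character password buys hours at best, while doubling the length of a random password pushes the bound into trillions of years.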
Change Your WordPress Password
Once you are logged into the WP Admin of your WordPress website, navigate to Users -> Your Profile and scroll down to Account Management.
Click on Generate Password and afterwards, click on Update Profile. You’ve changed your password successfully and your profile has been updated. Just to be on the safe side, you can always use the Log Out Everywhere Else button after you have changed your password.
For WordPress.com users, navigate to https://wordpress.com/me/security and update your password there.
Hope this article will be useful! Cheers 😀