Best Practices for Strong Passwords
Why Passwords Matter
Weak passwords are the most common way WordPress sites get compromised. Automated bots try thousands of common passwords against your login page every day. A strong, unique password is your first line of defence.
What Makes a Strong Password
A strong password should be:
- At least 12 characters long; longer is better
- A mix of uppercase, lowercase, numbers, and symbols
- Not based on dictionary words, names, or dates
- Unique to your WordPress account; never reuse passwords across sites
Use a Password Manager
The easiest way to have strong, unique passwords for every site is to use a password manager like 1Password, Bitwarden, or LastPass. These tools generate and store complex passwords so you only need to remember one master password.
We strongly recommend using a password manager. It eliminates the temptation to reuse passwords or write them down, and makes logging in faster and more secure.
WordPress-Specific Tips
WordPress includes a built-in strong password generator; use it when creating or updating accounts. Enable two-factor authentication for an extra layer of security. Never share your password by email; if someone needs access, create them their own account with the appropriate role.
Avoid passwords like 'SchoolName2024', 'admin123', 'Password1!', or anything containing your school name. These are the first things attackers try.
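As an added illustration (not part of the original article and not WordPress's own strength meter), the criteria above can be written as a small Python check and run against the weak examples just listed. The organisation term and the common-word list are constructed sample data; a real check would use a full dictionary, and uniqueness across sites cannot be tested this way.

```python
import re

# Constructed sample data (assumptions, not from the article or WordPress).
ORG_TERMS = ["schoolname"]  # your own school or site name, lowercase
COMMON_WORDS = ["password", "admin", "welcome", "qwerty", "letmein"]
# Undo simple character swaps so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def password_problems(password, org_terms=ORG_TERMS):
    """Return the reasons a password fails the article's criteria."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    for term in org_terms:
        if term in lowered or term in normalised:
            problems.append(f"contains organisation name '{term}'")
    for word in COMMON_WORDS:
        if word in lowered or word in normalised:
            problems.append(f"contains common word '{word}'")
    # Four digits starting 19 or 20 are treated as a date.
    if re.search(r"(19|20)\d\d", password):
        problems.append("contains a year")
    return problems


if __name__ == "__main__":
    for candidate in ["SchoolName2024", "admin123", "Password1!"]:
        print(candidate, "->", password_problems(candidate))
```

An empty list means the password passed every check in this sketch; it does not prove the password is strong or unused elsewhere.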