How to choose a secure password for your WordPress account

It’s important to choose a secure password for all of your accounts, not just your WordPress user account. Feel free to take the advice below + apply it to all accounts that you create. Doing so will protect your personal life + business online.

What makes a password secure?

Before we dive into how to choose a secure password, it’s important to know what actually makes a password secure in the first place. Sometimes it’s easier to start with what it’s not. Your business name or personal details about you like your address, children’s names or pets all make for weak passwords. In fact, words on their own aren’t ideal for passwords.

I bet it would take you less than 5 minutes to learn my dog’s name, which means someone wanting to break into this site could do the same.

Beyond avoiding the basic details of your life, picking a winning password means avoiding single words + patterns. It also means making sure your password is not common + that it’s hard — if not impossible — to guess. Which means that this list of popular passwords is bad news bears for your WordPress site security:

  • 123456789
  • 111111
  • password

It doesn’t have to be impossible for you to pick a strong password though! In fact, there are tools that will help you make sure your site password is secure:

  • Trust WordPress to tell you if your new password really is strong
  • Edit your favorite song lyric to swap Es to 3s or As to @s — the more characters in your password, the better
  • Use a password generator to create a random password
How to choose a secure password for your WordPress account // tiny blue orange

See, even WordPress knows Mackay would be a terrible password for me to use. Sorry Mack!

From there, you can save your new + secure password to a password vault so you don’t have to remember it ever again.

Set your choose a secure password

Changing your WordPress password to the option you just picked is really easy. It’s 4 steps + will take you less than 60 seconds if you’re already logged into your site.

  1. From your dashboard, head to Users > Profile
  2. Scroll to the Account Management section
  3. Click “Generate Password”
    (Either use what WordPress suggests or type in your new one)
  4. Click “Update Profile”

Voila! Now your WordPress account is more secure than it was for however long you were using your old password. Feels good, doesn’t it? If you have any other administrator level users on your website, share this article with them so they can update their passwords too.

Remember, your site is only as secure as the weakest link. Whether that’s your weaksauce password, or the password of another user on your site. You might also want to improve your WordPress login security from here. Another way to level up your login page is by adding two factor authentication to WordPress.

Forget memorizing passwords

If picking + memorizing passwords sounds like the worst possible task for you to do, Heckin Passwords is for you. I built this free course with another WordPress developer, Sara Lloyd, to help our clients keep their accounts secure while keeping their sanity.

on your keyboard hit enter to search or esc to close