Jetpack for WordPress

How to Make Your WordPress Login Secure

Let’s talk about website security.

You may be thinking, “I use WordPress, one of the most popular platforms available. I’m sure they’ve got me covered.” And you’re right: the WordPress development team is doing a stellar job employing the latest security techniques to keep your site safe.

However, the software behind WordPress is only one piece of the security puzzle. You also need to consider other parts, like the login page, username, and password for your site. Logins are often the most vulnerable piece of a site’s security armor. If you don’t have a secure login, there isn’t much that WordPress developers or security experts can do for you.

Today, we will explore the ways that you can build a secure login for your site, from using a smart password to some of Jetpack’s security features.

Longer, stronger passwords equal better security

You may have heard this before: choosing a good password is the first step towards good security.

Contrary to popular belief, the best passwords do not contain cryptic characters, a capital letter, and a number. The most secure passwords are simply long. Security experts agree that longer passwords are harder to crack, according to The Guardian.

Punctuation and other nuances are great additions to a password, but length should come first. It’s helpful to use a password management tool such as LastPass or 1Password that will generate passwords for you, in addition to keeping track of them and auto-filling them into sites you trust. That way, you will have the most secure passwords possible without needing to remember them all.

Applications like 1Password can help you generate and store secure passwords for all of your logins, keeping your site — and all of your other online accounts — safe.

Only remember one password with Secure Sign On (SSO) services

An alternative to a password manager is a secure sign on (SSO) service. You might already be using SSO services and not even realize it!

If you’ve visited sites that allow you to log in with your Google, Facebook, Yahoo!, or WordPress credentials, you are already using SSO. With SSO, you only need to remember a single password that works across multiple sites, even if those sites are managed by different companies.

Using Jetpack, you can enable Secure Sign On on your own website. Visitors will be able to use their logins when visiting, making it easier to complete a purchase on your site, access members-only content, or connect with millions of users in the comments. This will also give your site or online store some “backed by WordPress” credibility that will ease their minds when doling out personal information, like credit card data.

Enable 2FA on your logins for an extra layer of security

Your login page becomes twice as secure when you need to input something in addition to a password to log in… something only you know.

This practice is known as Two Factor Authentication (2FA). It involves inputting both a password and another piece of information, usually a code sent to your mobile device. Jetpack has a built-in Two Factor Authentication option that you can toggle on in just a few seconds.

Once enabled, you’ll be prompted to enter a numeric code sent to your mobile device right after inputting your password. This added step provides a level of security that is roughly ten times stronger than a password alone.

Also, with this option enabled, if you see any login attempts you didn’t authorize, you can reject them immediately. This will keep your site — and your data — safe.

Don’t let hackers batter down the door

Every day, thousands of hackers scan the internet looking for sites to break into. When they find one of interest, they go for its login page. Hackers typically use an age-old method known as the brute force attack.

Brute force attacks pummel your login page with incessant attempts at cracking your password. Essentially, the hackers continuously ask, “Is this it? Is this it?” much like a toddler asking if they can have a snack every five seconds while you make dinner. Eventually, the hackers get into your site and walk away with all the cookies.

Won’t an extra-long password prevent this from occurring? It’s a great start, but while brute force attacks attempt to guess that un-guessable password, they’re slowing down your site in the process. When you continuously tell a toddler “no,” dinner ends up taking longer and longer to make. This means that your site visitors will be waiting far too long to check out your site, content, or products.

This is where brute force protection comes in. Jetpack adds brute force protection to your site for free. As long as you have Jetpack installed, you’ll be sheltered from any brute force attacks that come your way, keeping your site secure and preventing it from slowing down.

As soon as Jetpack is installed, it goes to work blocking brute force attacks — and keeping out those who may try to guess your passwords.

Keep the attackers away with Jetpack

Hacking happens every day, even if you’re not aware of it. Although your website might not be specifically targeted by hackers, it’s best to be prepared just in case.

By using the methods listed above, you’ll maintain secure passwords and a more protected site that will keep these hackers at bay. Employ Jetpack’s security features, lengthen your passwords, enable 2FA, and increase your site security today.

What tips do you have to keep your site safer? We’d love to hear from you in the comments below.