I sometimes spend a lot of time talking website security with clients. There are three areas that I like to focus on:
- managing the risk of attacks in front of your site
- managing the risk of attacks inside your site
- managing multiple fail-safe backup solutions to restore your site quickly if need be
In my opinion, the most important (and the easiest) area is #2: managing the risk of attacks inside your site. I’ll discuss 1 and 3 in separate posts.
Listen, there is no way to make your website 100% safe from EVERY hacker in the world, but you surely don’t have to make it easy for them! And being lazy about your username and password is just about the nicest thing you can do for a hacker.
In WordPress, when you create a new website, the default username is “Admin”. Most people just go with that, which is an absolutely terrible, awful idea. “Admin” is the first username a hacker is going to use, and in most cases, it will work. This means they have already solved half of the username/password puzzle without even trying.
As to the other half, well, this is where people really need to step up. Most people use the same passwords for most or all of their online accounts, which is really bad; even worse, many people use the same obvious passwords.
Don’t believe me?
Each year SplashData releases a list of the 25 Most Common Passwords on the Internet, and this year the results were augmented by postings from the massive Adobe breach. It is stunning, actually, to see the passwords in play.
There is nothing more effective you can do right now to protect your website than making sure you are not using one of these 25 passwords (and if you are using WordPress, please, for the love of all that is good, don’t use “Admin” as your username).
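As an added example (not from the original post), here is a Python check of the kind a site’s registration or password-change form could run: it rejects the default admin username and any password found on a published common-passwords list such as SplashData’s. The short blocklist below is a constructed stand-in for the real list, and the minimum length and the stripping of trailing digits are my own assumptions.

```python
"""Credential-policy check: reject the default "admin" username and any
password found on a published most-common-passwords list (for example
SplashData's annual top 25, loaded one password per line)."""
import re
from typing import Iterable, List

# Constructed sample list standing in for a real published top-25 list.
SAMPLE_COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "abc123"]

# The WordPress default account name; extend with any other names you forbid.
DEFAULT_USERNAMES = {"admin"}

# Assumption: trailing digits/symbols are the usual way people "strengthen"
# a weak word, and cracking wordlists already include those variants.
_TRAILING_JUNK = re.compile(r"[\d!@#$%^&*._-]+$")


def load_blocklist(lines: Iterable[str]) -> frozenset:
    """Build a case-insensitive blocklist from one-password-per-line input."""
    return frozenset(line.strip().lower() for line in lines if line.strip())


def base_form(password: str) -> str:
    """Lower-case and drop a trailing run of digits/symbols, so that
    'Password1!' is still caught by the blocklist entry 'password'."""
    return _TRAILING_JUNK.sub("", password.lower())


def check_credentials(username: str, password: str, blocklist: frozenset,
                      min_length: int = 12) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    user = username.strip().lower()
    if user in DEFAULT_USERNAMES:
        problems.append("username is a default account name attackers try first")
    if password.lower() in blocklist or base_form(password) in blocklist:
        problems.append("password (or a trivial variant of it) is on the common-passwords list")
    if len(password) < min_length:
        problems.append(f"password is shorter than {min_length} characters")
    if user and user in password.lower():
        problems.append("password contains the username")
    return problems


if __name__ == "__main__":
    blocklist = load_blocklist(SAMPLE_COMMON_PASSWORDS)
    for u, p in [("Admin", "Password1!"), ("jane", "correct horse battery staple")]:
        print(u, p, check_credentials(u, p, blocklist) or ["ok"])
```

To use the real list, pass the file’s lines to load_blocklist instead of the constructed sample.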
Presenting SplashData’s “Worst Passwords of 2013”:
| Rank | Password | Change from 2012 |
I have to say, I particularly like #25, which is new this year, and was recently discovered to be the launch code for the United States’ nuclear weapons for over 20 years.
People, come on, you can do better than that, right? Please? For all of our sakes!