Protect Your Blog With a Solid Password

Filed as Features on May 8, 2007 8:14 am

I’m not going to name names, but I heard recently of some WordPress bloggers who had their blogs “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.

Is yours?

I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple like a phone number, 123456 or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?

The most common passwords are:

  • Middle names
  • Names spelled backwards
  • Phone numbers
  • The word “password”
  • Birthdays
  • Single or combination uses of love, god, sex, and money, such as lovemoney or sexgod
  • qwerty
  • abc123
  • password1
  • asdf
  • car license
  • letmein
  • yourname1
  • default

According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”

With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. Wired reported on a MySpace phishing attempt to gain access to usernames and passwords with these results: “MySpace estimates that more than 100,000 people fell for the attack before it was shut down.”

They also reported that “while 65 percent of passwords contain eight characters or less, 17 percent are made up of six characters or less. The average password is eight characters long.” The eight-character limit has been trained into us, as that was the longest the earliest software programs could handle. It’s not true anymore, but it’s a habit. Is your password eight characters or fewer?
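The weak choices described so far (the common-password list, a name spelled backwards, the bare word “wordpress”, and lengths of eight characters or less) can be screened for at the moment a password is set. The following is an added example, not part of the original post; the function name, the reason labels, and the sample user “Jane Doe” are assumptions made for illustration.

```python
import re

# Fixed strings taken from the article's list of common passwords.
COMMON = {"password", "qwerty", "abc123", "asdf", "letmein", "default"}
# "Single or combination uses of love, god, sex, and money".
COMBO = re.compile(r"(?:love|god|sex|money)+")
# Phone numbers, birthdays and runs such as 123456: digits plus separators only.
NUMERIC = re.compile(r"[\d\s().+/-]+")


def weak_password_reasons(password, username="", full_name="", site="wordpress"):
    """Return labels for each weak pattern from the article that matches.

    An empty list only means none of these patterns matched; it is not a
    guarantee that the password is strong.
    """
    reasons = []
    pw = password.lower()
    # Drop trailing digits so "password1" and "yourname1" reduce to their base word.
    core = re.sub(r"\d+$", "", pw)

    if len(password) <= 8:
        reasons.append("short")
    if "password" in pw:
        reasons.append("contains-password")
    if pw in COMMON or core in COMMON:
        reasons.append("common")
    if NUMERIC.fullmatch(password):
        reasons.append("numeric")
    if core and COMBO.fullmatch(core):
        reasons.append("word-combo")

    # First, middle and last names plus the login name, forwards or backwards.
    personal = {t.lower() for t in [username, *full_name.split()] if t}
    if any(core in (t, t[::-1]) for t in personal):
        reasons.append("personal-name")
    # The service's own name used as the whole password, forwards or backwards.
    if site and core in (site.lower(), site.lower()[::-1]):
        reasons.append("site-name")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "Jane Doe" / "jdoe" is a made-up account.
    for candidate in ["wordpress", "enaj", "password1", "lovemoney", "555-0142"]:
        print(candidate, weak_password_reasons(candidate, "jdoe", "Jane Doe"))
```

A check like this belongs in the password-change path, so a weak choice is rejected before it is ever stored.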

Roger Grimes of InfoWorld got some of the information on the MySpace debacle and reported:

  • Almost 1 percent of users had the word “password” as, or as part of, their password. Not real clever.
  • Words, colors, years, names, sports, hobbies, and music groups were very popular. FYI, your girlfriend or boyfriend’s name isn’t that uncommon in most cases. I, too, luv Brandi, Bob, or Joe.
  • The color red was twice as likely to be used in a password as blue. No other colors came close in popularity percentage-wise. I guess “chartreuse” is a relatively safe password choice.
  • Other popular words include: angel, baby, boy, girl, big, monkey, me, and the.
  • Cuss words were very popular. Boy, there’s a lot of aggression out there.
  • I was surprised about how many Christian-sounding — for example, “Ilovejesus” — log-on names were associated with the worst cuss words.
  • Names of sports — golf, football, soccer, and so on — were as popular as professional sports teams and college team nicknames.

The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging.

Remembering such passwords for every password need you have, such as with your blog, email, web host, social networking services, social bookmarking services, blog registrations, software registrations, forums, chats, discussion groups… I don’t know about you, but I’m overwhelmed with passwords. I have a clipboard with 12 pages of all the passwords I’ve had with all the various online password-accessed services over the years! How can we remember all of these?

We can’t. Yes, there are now software and browser programs which will “remember” for us, but hit the road, borrow a computer away from home or office and that password program won’t help you then. Still, the passwords we use the most need a method to make them complex but memorable.

A popular technique is to work with acronyms based upon a favorite phrase of music, poetry, or quote, or a simple sentence. For example, “Oh, I just can’t wait to be king” from the Lion King could be abbreviated as:

  • OiJcWtBk
  • OeyeJcW82bK
  • Oheyejustc8ntw82bking
  • kbtwcjio
  • 01j(W2bk
  • hiuaaoei (using the second letter of each word)
  • 01j(\/\/7B| (Leet Speak Converter)

It also helps not to use the same password for everything you access. Some suggest including the name of the program or service within the password, either spelled forwards or backwards, or just its first or last three or four letters.

Examples from above for a WordPress (WP) blog might be:

  • OIJCWWordPressTBK
  • OIJCWTBKWordPress

You could easily replace WordPress or WP with ebay, myspace, flickr, or whatever title you need to remember which is which.

Years ago, a security expert told me that if any part of your password is in the dictionary, it can be hacked. The two keys to protecting your password are making it difficult for others to figure out and not telling it to others, no matter how “honest” their request may appear. According to Yahoo’s Security Password Tips: “A password is like a toothbrush: Choose a good one and don’t share it.”

Some articles with good tips on creating respectable and fairly foolproof passwords are:

Lorelle VanFossen blogs about blogging and WordPress on .
