Protect Your Blog With a Solid Password

Filed as Features on May 8, 2007 8:14 am

I’m not going to name names, but I heard recently of some WordPress bloggers who had their blog’s “broken into” not because of a vulnerability in the WordPress code, but because their passwords were easily guessed and used.

Is yours?

I vaguely remember a television court drama from a few years ago against a gun safe company, won because a locked gun safe was easily broken into by a child. The combination was very simple like a phone number, 123456 or 654321. For one of these bloggers, their password was their name spelled backwards. The other used the password “wordpress”. Is the password on your blog just as simple?

The most common passwords are:

  • Middle names
  • Names spelled backwards
  • Phone numbers
  • The word “password”
  • Birthdays
  • Single or combination uses of love, god, sex, and money, such as lovemoney or sexgod
  • qwerty
  • abc123
  • password1
  • asdf
  • car license
  • letmein
  • yourname1
  • default

According to Wikipedia’s explanation of Password Cracking, “Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs.”

With all of the hype over security vulnerabilities and patches, virus scanning programs, firewalls, and protecting passwords and usernames, people are still really stupid when it comes to choosing and disclosing their usernames and passwords. Wired reported on a MySpace phishing attempt to gain access to usernames and passwords with these results: “MySpace estimates that more than 100,000 people fell for the attack before it was shut down.”

They also reported that “while 65 percent of passwords contain eight characters or less, 17 percent are made up of six characters or less. The average password is eight characters long.” The eight character limit has been trained into us as that was the longest the earliest software programs could handle. It’s not true anymore, but it’s a habit. Is your password eight or less characters long?

Roger Grimes of InfoWorld got some of the information on the MySpace debacle and reported:

*Almost 1 percent of users had the word “password” as, or as part of, their password. Not real clever.

*Words, colors, years, names, sports, hobbies, and music groups were very popular. FYI, your girlfriend or boyfriend’s name isn’t that uncommon in most cases. I, too, luv Brandi, Bob, or Joe.

*The color red was twice as likely to be used in a password as blue. No other colors came close in popularity percentage-wise. I guess “chartreuse” is a relatively safe password choice.

*Other popular words include: angel, baby, boy, girl, big, monkey, me, and the.

*Cuss words were very popular. Boy, there’s a lot of aggression out there.

*I was surprised about how many Christian-sounding — for example, “Ilovejesus” — log-on names were associated with the worst cuss words.

*Names of sports — golf, football, soccer, and so on — were as popular as professional sports teams and college team nicknames.

The strongest passwords are created with letters and numbers, or even with characters such as !@#$%*(). There are also a variety of free online programs that will help you create a complex and not easily broken password. Unfortunately, remembering such passwords is more challenging.

Door, photography by Brent VanFossen, copyright Brent VanFossen - not for public useRemembering such passwords for every password need you have, such as with your blog, email, web host, social networking services, social bookmarking services, blog registrations, software registrations, forums, chats, discussion groups…I don’t know about you, but I’m overwhelmed with passwords. I have a clipboard with 12 pages of all the passwords I’ve had with all the various online password accessed services for over the years! How can we remember all of these?

We can’t. Yes, there are now software and browser programs which will “remember” for us, but hit the road, borrow a computer away from home or office and that password program won’t help you then. Still, the passwords we use the most need a method to make them complex but memorable.

A popular technique is to work with acronyms based upon a favorite phrase of music, poetry, or quote, or a simple sentence. For example, “Oh, I just can’t wait to be king” from the Lion King could be abbreviated as:

  • OIJCWTBK
  • OiJcWtBk
  • OeyeJcW82bK
  • Oheyejustc8ntw82bking
  • kbtwcjio
  • 01j(W2bk
  • hiuaaoei (using the second letter of each word)
  • 01j(\/\/7B|Leet Speak Converter)

It also helps to not use the same password for everything you access. Some suggest using the name of the program or service within the password, spelled forwards or backwards or the first or last three or four letters, within their password.

Examples from above for a WordPress (WP) blog might be:

  • OIJCWPWTBK
  • WPOIJCWTBK
  • OIJCWTBKWP
  • OIJCWWordPressTBK
  • OIJCWTBKWordPress

You could easily replace WordPress or WP with ebay, myspace, flickr, or whatever title you need to remember which is which.

Years ago, a security expert told me that if any part of your password is in the dictionary, it can be hacked. The two keys to protecting your password is making it difficult for others to figure out, and don’t tell others. No matter how “honest” their request may appear. According to Yahoo’s Security Password Tips: A password is like a toothbrush: Choose a good one and don’t share it.

Some articles with good tips on creating respectable and fairly foolproof passwords are:


Lorelle VanFossen blogs about blogging and WordPress on .

Tags: ,

This post was written by

You can visit the for a short bio, more posts, and other information about the author.

Submissions & Subscriptions

Submit the post to Reddit, StumbleUpon, Digg or Del.icio.us.

Did you like it? Then subscribe to our RSS feed!



  1. By engtech posted on May 8, 2007 at 10:43 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Good tip for passwords. people *always* forget that their passwords are as secure as the weakest site where they use the same password.

  2. By J. Angelo Racoma posted on May 8, 2007 at 10:55 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Leet speak works for me. Like your Lion King analogy, it could be 01jcwtbk or such. That way, you can also use symbols like @ or !, or numbers, and still not forget as easily. Unfortunately, sometimes those passwords are not as secure as truly random strings of text/characters. I usually attach some characters of the site URL or title in my mnemonic.

  3. By pelf posted on May 8, 2007 at 11:50 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I blogged about “managing my passwords” last month — and in the post, I quoted Justin Kistner’s method of systematic digital life management.

    We all can’t run away from memorizing passwords these days, huh? Every-freaking-thing we do online needs a password. I’d be delighted to chance upon sites that do not require you to register to enjoy the services/benefits :)

  4. By raimondo posted on May 8, 2007 at 1:50 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    The problem with “strong” password is “one to many”: one user has many online services to mantain.

    Do you have a suggestion?

  5. I Can Guess Your Password. « Going Like SixtyMay 8, 2007 at 4:33 pm
  6. By Lorelle VanFossen posted on May 8, 2007 at 5:40 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    A suggestion on remembering or keeping track of all the m any passwords and user names? I’ve tried many online and desktop password keepers and the only truly successful method I’ve found is paper. I keep mine on printed forms I typed up with the site name, username, password, and any other info I need to “remember”. It “hides” in plain sight on my desk, on a clipboard. I just have to tear my desk apart to find it each time I need it. ;-)

  7. PasswordsMay 9, 2007 at 1:59 am
  8. Why You Should Choose A Secure PasswordMay 9, 2007 at 10:08 am
  9. Politics in the Zeros_archi »Blog Archive » Choose your passwords wellMay 9, 2007 at 11:08 pm
  10. By Marco posted on May 10, 2007 at 3:13 am
    Want an avatar? Get a gravatar! • You can link to this comment

    If you are going to use multiple strong and complex passwords you can’t remember all of them and you definitely need a password manager.

    Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

    Software products are certainly an option, but you could also consider a web based solution.
    (Yes, I’m a tad biased …)

    Clipperz is an online password manager that can do much more than simply storing your passwords.
    – ubiquitous access
    – direct login to online services
    – offline version
    – bookmarklet for quick data entry
    – nothing to install or backup
    – …

    It’s free and completely anonymous.

    Clipperz lets you submit confidential information into your browser, but your data are locally encrypted by the browser itself before being uploaded.

    The key for the encryption process is a passphrase known only to you.
    Clipperz simply hosts your sensitive data in encrypted form and could never actually access the data in its plain form.

    For any further information refer to our website:
    http://www.clipperz.com.

    Marco
    Clipperz co-founder

  11. By Jim posted on May 14, 2007 at 10:28 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    I always like to use a combination of word + number + symbols if allowed.

  12. Web Browser Guide: Scams, Hoaxes, Rumor Mills, and Online Trash - Check the Facts : The Blog HeraldJune 7, 2007 at 5:57 pm
  13. Why a strong password?June 12, 2007 at 8:04 am
  14. How strong is your password? | Dissociated PressJune 12, 2007 at 3:02 pm
  15. Reflections » Blog Archive » Don’t Choose Stupid PasswordsJune 14, 2007 at 1:35 am
  16. What's your PaSsWoRd? - John Baker’s BlogJune 19, 2007 at 5:25 am
  17. The FreeColorPrinters Blog » Blog Archive » The Power of PasswordsJuly 18, 2007 at 11:50 am
  18. Protecting Your WordPress Blog « Lorelle on WordPressSeptember 10, 2007 at 11:03 am
  19. What is Hard About the Hard Work of Blogging? : The Blog HeraldOctober 14, 2007 at 7:23 pm
  20. Internet Ad Profiling Coming To a Wallet Near You : The Blog HeraldFebruary 15, 2008 at 1:19 pm
  21. Wordpress Security Tips and HacksFebruary 17, 2008 at 6:13 pm
  22. WordPress Wednesday News: WordPress 2.5 News, Colleges and Schools Love WordPressMU, Viddler Meets WordPress, Theme Buyers Beware, Columns in Blog Posts, Feeds Without Plugins : The Blog HeraldFebruary 20, 2008 at 10:56 pm
  23. 10 Medidas de Segurança a Implementar no Seu Blog Wordpress | WordPress-PTFebruary 21, 2008 at 9:49 am
  24. 10 medidas de segurança para o WordpressFebruary 21, 2008 at 4:20 pm
  25. MB TechCenter - Desarrollo web, Tutoriales, Recursos y mas..February 24, 2008 at 1:29 pm
  26. 10 Medidas de Segurança para seu Blog Wordpress | Gulp - Desenvolvimento e diversão (youtube, orkut bloqueado, bbb7, videos, revistas gratis, camera escondida, sites bloqueados ...)February 28, 2008 at 7:34 pm
  27. Fighting Blog Hacks: Preventing And Eliminating Intruders | Lost Art Of BloggingMarch 6, 2008 at 1:06 pm
  28.   10 medidas de segurança para seu blog em Wordpress TeclaF1March 21, 2008 at 6:07 pm
  29. Protect Wordpress From Hackers Safe wp-admin folder | Index BlogApril 9, 2008 at 8:36 pm
  30. Security Tips and Guidelines for Your Wordpress Blog |April 18, 2008 at 12:44 am
  31. BlogLabs » Blog Archive » 10 Medidas de Segurança a Implementar no Seu Blog WordpressApril 21, 2008 at 8:31 pm
  32. WordPress Wednesday News: WordCamps Everywhere, Webware 100 Again, Plugins to Fix WordPress 2.5, Change Admin Colors, and More : The Blog HeraldApril 23, 2008 at 5:50 pm
  33. WordPress Security Prevention, Reactions, and Scares « Lorelle on WordPressApril 28, 2008 at 5:15 am
  34. How to make your blog safe? | Life is simple! Don't make it complicatedApril 28, 2008 at 8:45 pm
  35. Marulz Blog » Blog Arşivi » Lorelle on WP: WordPress Security Prevention, Reactions, and ScaresMay 13, 2008 at 10:36 am
  36. Matthias Ohlmer, Family & Friends » Blog SSL gesichert - jetzt liegts bei EuchMay 20, 2008 at 1:15 am
  37. SmileHappy » Blog Archive » Dicas de segurança para blogs (Wordpress)July 18, 2008 at 5:58 pm
  38. Wordpress 安全技巧与修改 | WordPress | 站长日志August 28, 2008 at 2:48 am
  39. Wordpress Security Tips and Hacks | Wordpress ExpertSeptember 18, 2008 at 12:18 am
  40. How to protect your wordpress from being hacked? [How-to] 14 tips and tricks to Wordpress practical security | Ruhani RabinDecember 19, 2008 at 10:04 am
  41. Wordpress Security Tips and Hacks : phploopJanuary 7, 2009 at 6:16 am
  42. 14 tips per mettere in sicurezza wordpress | technorati.itJanuary 10, 2009 at 7:53 am
  43. Web Hacks, Worms, Infections, and Viruses: Is Your Blog Prepared? « Lorelle on WordPressJanuary 16, 2009 at 1:15 am
  44. Security and Hacking: Protect Thyself and Thy WordPress Blog | The Blog HeraldJanuary 19, 2009 at 4:48 am
  45. Downadup Spreads - Infects 1 in 16 PCs | The Blog HeraldJanuary 21, 2009 at 8:57 pm
  46. Making wordpress secure | Tutorials On WebJanuary 25, 2009 at 12:46 am
  47. The Agony of the Lost WordPress Password « Lorelle on WordPressFebruary 6, 2009 at 5:53 am
  48. WordPress Senha Perdida « ATer: Criação de SitesFebruary 7, 2009 at 9:47 am
  49. 14 tips untuk keamanan wordpress praktisFebruary 14, 2009 at 7:38 pm
  50. Firewalling and Hack Proofing Your WordPress Blog « Lorelle on WordPressMarch 7, 2009 at 10:10 pm