If a hacker was to get hold of your blog’s main admin password then they could take control of your blog. From simply adding posts that link to their own website, to loading virus software onto your readers’ computers and even getting you to unintentionally host phishing pages, there are loads of prizes a hacker can take if they access your blog.
And for you — well if a hacker gains access to your blog you can lose all of your hard work!
How a hacker gains entry
A hacker will gain entry to your blog in a couple of ways. First, they might use key logging software to ‘watch’ you type in your password. You protect yourself here by anti virus software and secure connections. But, this is a difficult way to get access to your blog.
The other way is to simply ‘guess’ your password. A hacker will use a program to constantly try different possible passwords to log on to your admin — known as a brute force attack. A simple password will not take long to guess and that is why a strong password is essential.
‘Simple’ passwords
Using something as simple as ‘pass1’ is very insecure. Why? Well if the hacker starts at a, the aa, then ab and so on it will not take them long to get to your password. However, even ‘Pass1’ is harder to guess as the attack needs to look at upper and lower case letters.
Stronger passwords
But even both of these examples are very weak. The longer the password is the longer it will take to go through all of the combinations required to guess it. Stick to lower case letters and numbers and there are 36 characters per position. Include upper case characters and unusual characters and that can jump to 70 or 80 combinations. Expand that to an 8 character long password and the combinations possible becomes 80 * 80 * 80 * 80 * 80 * 80 * 80 * 80! Trying to go through these combinations becomes a lengthy process, during which hopefully the attacker gives up and tries elsewhere.
Send the hacker elsewhere
There are two further tricks to make sure the attacker moves elsewhere. First of all do not use a simple to guess user id. For example, in WordPress, do not use ‘admin’, which is the default. Now the hacker has not just to guess the password but also the user name.
The second security trick is to install a plugin that will block out a hacker from attempting new passwords, such as Limit Login Attempts. This detects a brute force attack and locks out the hacker for a period of time. Suddenly, not only are they trying a lot of combinations but also taking days between guesses.
More my articles: https://bestantiviruspro.org/author/james-lu/