WordPress Password Protection – A Complete Guide – Security Boulevard


This is an ‘ultimate’, or comprehensive, guide to WordPress password protection for business website administrators and owners: anyone who manages or administers a WordPress website.

Roles aside, the next most vulnerable, and most easily hardened, area of WordPress website security is your use of passwords, according to WordPress and security software vendors. Armed with login credentials, someone could potentially access your website and all the configurations and data available from the WordPress dashboard. A logged-in user could impersonate you, add, amend or delete items, deface your website, and ruin your business.

This blog post provides a series of best practice guidelines to help you establish secure WordPress password protection across your organization and educate your users on password use.


Establish a strong password security policy

As a WordPress website Administrator, you have the opportunity and responsibility to enforce a strong password policy on your users. In doing so, you will protect your organization, its websites, data, staff and other users from a range of attacks.

  • In the case of a company and its internal employees, marketing employees will need access to the WordPress website to create and edit website pages and blog posts, while others will only need access to moderate and respond to comments. On the other hand, client account management or customer service employees will need varying levels of access to customer accounts to respond to support tickets. In this case, most internal staff users will not need access to customer accounts, though some will. Those working in IT support may need access to some aspects of customers’ accounts, though not all.
  • Let’s think of the other viewpoint, that of external users on an ecommerce WordPress website. They may need to log in to manage their account, make a purchase, track the status of a delivery or return, or contact customer support. Those same users should not be given access to create or delete web pages, for example, or be able to view the account and financial details of other customers. In some cases, ecommerce websites do not require customers to create an account and log in at all, as it can sometimes be a barrier to getting a sale.

Why is all this consideration necessary? Don’t users already know how to create and use secure passwords?

The average computer user is not well educated about WordPress password protection or WordPress password security in general. It’s likely they will have a lax attitude to their own online data and find managing login credentials stressful (all of which we’ll discuss later), and some write their passwords down on sticky notes and stick them to their monitors!

In addition:
