34SP.com

Insecure WordPress Password

Applies to:
WordPress Hosting

Introduction

Every night the WordPress Hosting platform checks all administrator accounts on your WordPress hosting account(s) for insecure passwords.

We use a list of the 100,000 most common passwords and test each password against each administrator user. If a password matches, it is flagged as insecure and the user receives an admin notification to change their password the next time they log in. Once the password is changed, the message is removed.

Currently we only check user accounts with the "administrator" role within WordPress.


I have received an insecure password message

If you have received the message, please take the following steps.

  1. Log in to your WordPress admin area
  2. Click Users -> Your Profile
  3. Scroll down and click Generate Password
  4. Either use the pre-generated password or add your own password
  5. Click Update Profile

Use a secure password/passphrase

A secure password should be at least 12 characters long, but longer is better. Adding special characters and numbers is also advisable, but the important aspect is the overall length.

Your password should be unique: don't use the same password on more than one account.

Our recommendation is to create a passphrase: select 4 or more random words to create a unique passphrase. If you will struggle to remember a passphrase, consider using password manager software such as 1Password, LastPass or KeePass.

In addition to a strong passphrase or use of a password manager, consider enabling two-factor authentication to provide an additional layer of protection.


User Privacy

We respect users' privacy and security, and as such the scanning tool does not store which password is set, only that the password was found on the list. While we only notify the affected user, we do store this flag in the database. In some circumstances it is possible for those with database access to identify that a user's password has been flagged. We collect anonymous statistics on the number of insecure passwords the tool has found, but don't centrally store which user accounts are affected.
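
As an added illustration (not 34SP.com's own code), the sketch below shows how a check like the one described in the Introduction and in this section can record only a per-user flag and an anonymous count. The hash function (PBKDF2 as a stand-in for WordPress's own password hashing), the user records and the four-entry password list are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # assumption: kept low so the sample runs quickly


def hash_password(password, salt):
    # Stand-in salted hash (assumption); a real scan would call
    # WordPress's own password verification instead.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_common(stored_hash, salt, wordlist):
    # Salted hashes cannot be looked up in a table, so every candidate
    # has to be hashed with this user's salt and compared.
    for candidate in wordlist:
        if hmac.compare_digest(hash_password(candidate, salt), stored_hash):
            return True  # report only that a match exists, never which one
    return False


def nightly_scan(users, wordlist):
    """Return (flags, count): flags maps user id -> bool for administrators."""
    flags = {}
    for user in users:
        if user["role"] != "administrator":
            continue  # only the administrator role is checked
        flags[user["id"]] = is_common(user["hash"], user["salt"], wordlist)
    # The count is the anonymous statistic: it carries no user ids.
    return flags, sum(flags.values())


def make_user(uid, role, password):
    # Helper that builds constructed sample records.
    salt = os.urandom(16)
    return {"id": uid, "role": role, "salt": salt,
            "hash": hash_password(password, salt)}


# Constructed sample data, standing in for the 100,000-entry list.
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "letmein"]
SAMPLE_USERS = [
    make_user(1, "administrator", "letmein"),
    make_user(2, "administrator", "correct horse battery staple"),
    make_user(3, "editor", "password"),  # skipped: not an administrator
    make_user(4, "administrator", "letmein"),
]

if __name__ == "__main__":
    print(nightly_scan(SAMPLE_USERS, SAMPLE_WORDLIST))
```

Re-running the scan after a user sets a password that is not on the list returns False for that user, which corresponds to the message being removed.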
