Online Password Security

In this tutorial, we look at basic security practices that contribute to overall web security, like password security.

WordPress Security TutorialsThis tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at how improving basic security practices like password security can contribute to your overall web security.


Password Security

One of the most common methods used by hackers to crack into websites, computers, servers, etc. is to run brute-force attack software persistently on login areas, looking for weak password combinations.

Many potential vulnerabilities can be avoided with good security habits. Using strong passwords is one of the first and most important security habits you can develop.

A strong password is not only necessary to protect your website, but your entire online presence. A hacker who gains access to your computer administrator account is able to install malicious scripts that can potentially compromise your entire server.

Creating A Strong Password

The goal with creating strong passwords is to make it hard for other people to guess them and hard for a brute force attack to succeed.

Strong Password Foundations

To create a strong password, keep the following in mind:

  • Avoid any permutation of your own real name, username, company name, or name of your website. You also should avoid choosing a simple password like your child’s name or your pet’s name.
  • Avoid using words from a dictionary, in any language.
  • Don’t use short passwords. Make your passwords long (over 8 characters) whenever possible. The longer the password you have, the stronger it is. 8 – 12 character passwords are ideal. See the ‘Password-Permutation’ section below for more details.
  • Avoid using numeric-only or alphabetic-only password. A mixture of both is best. Use a combination of uppercase, lowercase, numbers and non-alphanumeric characters. Non-alphanumeric characters are symbols like: $, #, [, %,^,&,}, ~, /, *, @, etc…
  • Even though you have probably heard this a million times before, it is worth repeating it again: Don’t use the same password for all your websites and logins.
  • Elaborate, strong passwords are not going to be easy to remember. Consider using a password management tool (see below).

Strong Password Generators

Many password generators are available that can be used to automatically create secure passwords.

You can find free secure password generators online …

Password Security


You can also create passwords using password management tools such as RoboForm

Password Security

RoboForm is a powerful tool that helps you manage multiple passwords easily and access all of your logins with a single click from your desktop PC, laptop or mobile device …

To learn more about password management software, see the tutorial below:

Password Management Software

WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this feature when changing your password to ensure the strength of your password is adequate …

Password Security

Password Permutations

In password security terms, ‘permutation’ refers to the number of possible combinations of characters, numbers, symbols, etc. that it would take for someone to decode a password.

For example, if you have a 3-character password using only the numbers 1, 2, and 3 and they are allowed to repeat, then there are 27 possible password permutations, as shown below:

  1. 111
  2. 112
  3. 113
  4. 121
  5. 122
  6. 123
  7. 131
  8. 132
  9. 133
  10. 211
  11. 212
  12. 213
  13. 221
  14. 222
  15. 223
  16. 231
  17. 232
  18. 233
  19. 311
  20. 312
  21. 313
  22. 321
  23. 322
  24. 323
  25. 331
  26. 332
  27. 333

The permutation formula for a 3-character password where the password characters are allowed to repeat is as follows:

Password Security

If your password is only three characters long, and you use all 26 characters from the English alphabet, then the number of permutations required to decode your password are as follows:

Password Security

Any hacker using a brute-force attack software and a computer with minimal processing power can crack the above password in no time.

Adding just one more character to your password, however, can increase the magnitude and complexity of your password to a level that would make it significantly more difficult for hackers to crack, as shown below …

Password Security

As you can see, increasing your password length by just one character makes it significantly more difficult to crack.

An 8-character password that uses all 26 letters of the English alphabet plus 10 numbers (0 – 9) creates the following number of possible combinations …

Password Security

When you add in a combination of uppercase and lowercase letters, plus non-alphanumeric characters (e.g. $, #, [, %,^,&,}, ~, /, *, @, etc.) to a case-sensitive password, then you can see just how significantly increased the magnitude of your password security will be.

Important Info

Make sure to implement strong password security measures for all of your online access points. This includes:

Additionally, make sure to research and implement or review the following security measures in your specific setup …

  • Email Password Security
  • FTP Password Security
  • Web Server / Web Hosting Security

Hopefully, the above will help you understand how improving basic security practices like password security can contribute to your overall web security and why using strong passwords for your online assets makes it more difficult for hackers to crack your passwords and breach your security measures.


"Your training is the best in the world! It is simple, yet detailed, direct, understandable, memorable, and complete." Andrea Adams,


Recommended Video Courses For WordPress Users

How To Use cPanelHow To Use cPanel

cPanel is a powerful and simple-to-use web hosting management software application that gives website owners the ability to quickly and easily manage their servers and websites using a simple and intuitive dashboard.

This video course will teach you how to use the main features of cPanel to manage your web hosting.

More info: How To Use cPanel

Recommended Video Courses For WordPress Users

How To Set Up WordPress On LocalhostHow To Set Up WordPress On Localhost

Learn how to install, set up, and locally host a fully functioning WordPress site on your computer.

More info: How To Set Up WordPress On Localhost

Recommended Video Courses For WordPress Users

WordPress SecurityWordPress Security

Learn how to keep your WordPress site or blog secure and protected from malware, hackers and brute-force attacks.

More info: WordPress Security

Recommended Video Courses For WordPress Users

How To Back Up & Restore WordPress SitesHow To Back Up & Restore WordPress Sites

Learn how to safely and automatically backup your WordPress files and database and how to easily restore your WordPress site if something were to happen.

More info: How To Back Up & Restore WordPress Sites

Recommended Video Courses For WordPress Users

How To Use FTPHow To Use FTP

This video course shows you how to use FTP (File Transfer Protocol) to transfer and upload files between your hard drive and your server using a free FTP program called Filezilla.

More info: How To Use FTP

Recommended Video Courses For WordPress Users

How To Use Amazon S3How To Use Amazon S3

Learn how to set up and use Amazon S3 to upload, store, manage, and protect your site’s images, large media files, downloadable files, stream videos and more.

More info: How To Use Amazon S3

Recommended Video Courses For WordPress Users

Using Password ManagersUsing Password Managers

Password Managers provide an easy and secure way to keep track of all your passwords. This video course shows you how to use two FREE powerful password management tools.

More info: Using Password Managers

Author: Martin Aranovitch

Martin Aranovitch is the owner of and the author of The WordPress User Manual. provides hundreds of FREE tutorials that show you how to use WordPress to grow your business online with no coding skills required! Get our FREE "101+ WordPress Tips, Tricks & Hacks For Non-Techies" e-course with loads of useful WordPress tips!

Originally published as Online Password Security.