How to Create Secure Passwords For Your Website

Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to remember one password let alone multiple passwords. Panic sets in as the security suggestions prompt you to add more numbers and unique characters. How am I going to remember this? Why does this even matter if I’m the only one who accesses this account?

We’ve written previously about the elements of a secure password, and the topic is still important today. Hackers gain new insight on how to break passwords daily, and password lists created from breaches continue to put your site at risk.

Passwords and Brute Force Attacks

Even though your admin panel or FTP accounts are supposed to only be accessed by you and a select few individuals, passwords are often the only thing stopping bad actors from gaining unauthorized access.

One such instance is when you receive multiple Failed Login Attempts. This is known as a brute force attack, where bots are continuously trying to login by guessing the most common passwords. These bots are relentless and have nothing but time to try and guess your password. The harder the password, the less likely they are of getting into your personal accounts.

You can block brute force attacks using the Sucuri Firewall

If a hacker does gain access to your server through the administration panel or via FTP, you can say goodbye to your great SEO rankings and reputation. Your site could be filled with malware and sending spam to all of your visitors within moments (due to the nature of automated attacks). This is what we need to avoid by ensuring our passwords are strong and ready to stand up against bots.


What Makes a Good Password?

Let’s review a few of the key considerations to making a strong password.


You might have been told this before, but Password123!, or 123456, or any obvious combination of sequential numbers and letters will be guessed very easily. It’s also not wise to use your birthday or name as these pieces of information can be found without much effort by anyone on the web.

We discuss the use of dictionary-based attacks and password lists in our previous article on the dynamics of passwords.


The longer your password, the better. If you have more characters, mathematically your password already has a higher probability of not being guessed. More characters equals a stronger password!

password length and complexity tool in LastPass


Adding numbers and unique characters will set your password apart. Anyone can use their dog’s name, Harry, as their password. By adding numbers, characters, and a mixture of lower and upper case letters, the original Harry becomes obscured as &H4RrY)*7 – and therefore much harder to guess.

password strength meter example


Be sure that when you make your unique passwords, that you never re-use them. If one of your accounts gets compromised, you want to ensure that account is isolated. If you had multiple accounts with the same password then all of those accounts will also be compromised which can be devastating not only to your website, but to your personal life as well.


How to Remember Passwords

If the thought of trying to remember all of these unique passwords for all of your accounts makes you woozy, then I have the solution for you! The easiest way to keep you on track is by using password managers such as LastPass and Dashlane. They will keep all of your passwords in one “vault” and even auto-fill in passwords if you take advantage of the browser extension. You can also stop worrying about coming up with hard passwords as they can generate them for you.

lastpass password generator


A surefire component of keeping website security is enforcing the use of strong passwords. Adding more characters and numbers will make the password longer and help to ensure that it’s not easily guessed.

Hackers have lots of tools in their arsenal to hack our sites, let’s make life harder for them by creating strong passwords! You can also leverage our Web Application Firewall which will block any unwanted IPs from logging into your site and avoid Brute Force Attacks completely.

*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Celise Davison. Read the original post at: