WordPress.org

[resolved] Weak security on protected posts? (8 posts)

  1. godrox
    Member
    Posted 9 years ago #

    I have recently started using WordPress and I love it! However, I have two posts that are currently protected and today someone posted a comment on both of them. No one should know the password (same password for both posts). Both comments contained references to the post, so I know the visitor actually read it, too. They were rude and obnoxious comments, so they're now deleted. Are protected posts really that insecure? How can I fix it so my protected posts aren't hacked again somehow and read by the wrong people?

  2. Mark (podz)
    Support Maven
    Posted 9 years ago #

    "No one should know the password"

    With respect, everyone says that.
    If you put information on the internet, you are putting it into an environment populated by millions, and some of them will be after breaking passwords. You may have thought the password was good - this demonstrates it was not.

    This is a fairly good password:
    6RU1r
    This is better:
    jCm_1W1T

    Using simple words, even two or three of them, is poor.

    Get a good password generator / manager.
    http://keepass.sourceforge.net/

  3. The weakest link is always the password. Here's an online password generator: http://www.winguides.com/security/password.php

  4. Mark (podz)
    Support Maven
    Posted 9 years ago #

    For what it's worth, none of my "important" passwords are any less than this type of length and structure:
    Th+CRvgksUVbbhwux3jz

  5. I want to know how you would plan on remembering those without a password manager. ^_-

  6. Mark (podz)
    Support Maven
    Posted 9 years ago #

    I use keepass :)

    OT: I recently transferred all my passwords from various txt files and another password manager into keepass. I've got 78 passwords - everything from ftp, this forum, blogs, other forums, email ... not one is the same as another, and none are words.

    Also recently, someone mailed me asking for wp help. They sent me their BLOG login as I would need to get into their blog. With just that, I was able to guess their ftp info, cpanel login, access their databases - basically their entire domain was mine to play with. I let them know this and pointed them at Keepass.

    Passwords ARE the weakest link, and as the user sets them, when you get hacked then it was probably the user's fault.

  7. godrox
    Member
    Posted 9 years ago #

    Yeah, I'm a network administrator and enforce our employees to use good passwords for their logins and such. Although I wouldn't say the password I used on those blog entries was "high quality" like we use at work, it wasn't bad either. Oh well. Guess I'll have to make it even more difficult. Thanks for the feedback guys!

  8. One of my favorite FF extensions ever: https://addons.mozilla.org/extensions/moreinfo.php?id=135
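
Added example (not part of the original thread, and not code from WordPress or KeePass): a Python sketch that generates a random password from a CSPRNG and estimates the entropy of the three sample passwords quoted above. The function names and the 10-character symbol set are assumptions made for this illustration.

```python
import math
import secrets
import string

# Character pools; the symbol set is an assumption (the thread's samples use "_" and "+").
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "_+-!#%&*=?",
}


def pool_size(password: str) -> int:
    """Size of the combined pools needed to cover the character classes used."""
    return sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Upper bound on guessing entropy. It holds only if every character was
    drawn uniformly at random from the pool, which is never true for words."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0


def generate(length: int = 20) -> str:
    """Random password from the OS CSPRNG that contains every character class.
    Rejection sampling keeps the result uniform over the accepted set."""
    if length < len(POOLS):
        raise ValueError("length too short to contain every character class")
    alphabet = "".join(POOLS.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in POOLS.values()):
            return candidate


if __name__ == "__main__":
    # The three sample passwords quoted in the thread, plus a freshly generated one.
    for pw in ("6RU1r", "jCm_1W1T", "Th+CRvgksUVbbhwux3jz", generate()):
        print(f"{len(pw):2d} chars  pool {pool_size(pw):2d}  "
              f"~{entropy_bits(pw):5.1f} bits")
```

Each added random character contributes about 6 bits here, so length raises the estimate far faster than swapping in extra symbol classes does.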

This topic has been closed to new replies.
