[resolved] Weak security on protected posts? (8 posts)

  1. godrox
    Posted 10 years ago #

    I have recently started using WordPress and I love it! However, I have two posts that are currently protected and today someone posted a comment on both of them. No one should know the password (same password for both posts). Both comments contained references to the post, so I know the visitor actually read it, too. They were rude and obnoxious comments, so they're now deleted. Are protected posts really that insecure? How can I fix it so my protected posts aren't hacked again somehow and read by the wrong people?

  2. Mark (podz)
    Support Maven
    Posted 10 years ago #

    "No one should know the password"

    With respect, everyone says that.
    If you put information on the internet, you are putting it into an environment populated by millions, and some of them will be after breaking passwords. You may have thought the password was good - this demonstrates it was not.

    This is a fairly good password:
    This is better:

    Using simple words, even two or three of them, is poor.

    Get a good password generator / manager.

  3. James Huff
    Volunteer Moderator
    Posted 10 years ago #

    The weakest link is always the password. Here's an online password generator: http://www.winguides.com/security/password.php

  4. Mark (podz)
    Support Maven
    Posted 10 years ago #

    For what it's worth, none of my "important" passwords are any less than this type of length and structure:

  5. James Huff
    Volunteer Moderator
    Posted 10 years ago #

    I want to know how you would plan on remembering those without a password manager. ^_-

  6. Mark (podz)
    Support Maven
    Posted 10 years ago #

    I use keepass :)

    OT: I recently transferred all my passwords from various txt files and another password manager into keepass. I've got 78 passwords - everything from ftp, this forum, blogs, other forums, email ... not one is the same as another, and none are words.

    Also recently, someone mailed me asking for wp help. They sent me their BLOG login as I would need to get into their blog. With just that, I was able to guess their ftp info, cpanel login, access their databases - basically their entire domain was mine to play with. I let them know this and pointed them at Keepass.

    Passwords ARE the weakest link, and as the user sets them, when you get hacked then it was probably the user's fault.

  7. godrox
    Posted 10 years ago #

    Yeah, I'm a network administrator and enforce our employees to use good passwords for their logins and such. Although I wouldn't say the password I used on those blog entries was "high quality" like we use at work, it wasn't bad either. Oh well. Guess I'll have to make it even more difficult. Thanks for the feedback, guys!

  8. Alex Mills (Viper007Bond)
    Posted 10 years ago #

    One of my favorite FF extensions ever: https://addons.mozilla.org/extensions/moreinfo.php?id=135

Topic Closed
