WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Weak security on protected posts?

[Resolved] Weak security on protected posts?

  • I have recently started using WordPress and I love it! However, I have two posts that are currently protected and today someone posted a comment on both of them. No one should know the password (same password for both posts). Both comments contained references the post, so I know the visitor actually read it, too. They were rude and obnoxious comments, so they’re now deleted. Are protected posts really that insecure? How can I fix it so my proteted posts aren’t hacked again somehow and read by the wong people?

Viewing 7 replies - 1 through 7 (of 7 total)
  • “No one should know the password”

    With respect, everyone says that.
    If you put information on the internet, you are putting it into an environment populated by millions, and some of them will be after breaking passwords. You may have thought the password was good – this demonstrates it was not.

    This is a fairly good password:
    6RU1r
    This is better:
    jCm_1W1T

    Using simple words, even two or three of them is poor.

    Get a good password generator / manager.
    http://keepass.sourceforge.net/

    Moderator James Huff

    @macmanx

    The weakest link is always the password. Here’s an online password generator: http://www.winguides.com/security/password.php

    For what it’s worth, none of my “important” passwords are any less than this type of length and structure:
    Th+CRvgksUVbbhwux3jz

    Moderator James Huff

    @macmanx

    I want to know how you would plan on remembering those without a password manager. ^_-

    I use keepass 🙂

    OT: I recently transferred all my passwords from various txt files and another password manager into keepass. I’ve got 78 passwords – everything from ftp, this forum, blogs, other forums, email … not one is the same as another, and none are words.

    Also recently, someone mailed me asking for wp help. They sent me their BLOG login as I would need to get into their blog. With just that, I was able to guess their ftp info, cpanel login, access their databases – basically their entire domain was mine to play with. I let them know this and pointed them at Keepass.

    Passwords ARE the weakest link, and as the user sets them, when you get hacked then it was probably the users fault.

    Yeah, I’m a network administrator and enforce our employees to use good passwords for their logins and such. Although I wouldn’t say the password I used on those blog entries were “high quality” like we use at work, they weren’t bad either. Oh well. Guess I’ll have to make it even more difficult. Thanks for the feedback guys!

    One of my favorite FF extensions ever: https://addons.mozilla.org/extensions/moreinfo.php?id=135

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Resolved] Weak security on protected posts?’ is closed to new replies.
Skip to toolbar