Protecting your blog with a strong password is essential. How can you create a strong password and what else can you do? And what can happen if you don’t?

If a hacker was to get hold of your blog’s main admin password then they could take control of your blog. From simply adding posts that link to their own website, to loading virus software onto your readers’ computers and even getting you to unintentionally host phishing pages, there are loads of prizes a hacker can take if they access your blog.

And for you – well if a hacker gains access to your blog you can lose all of your hard work!

How a hacker gains entry
A hacker will gain entry to your blog in a couple of ways. First, they might use key logging software to ‘watch’ you type in your password. You protect yourself here by anti virus software and secure connections. But, this is a difficult way to get access to your blog.

The other way is to simply ‘guess’ your password. A hacker will use a program to constantly try different possible passwords to log on to your admin – known as a brute force attack. A simple password will not take long to guess and that is why a strong password is essential.

‘Simple’ passwords
Using something as simple as ‘pass1′ is very insecure. Why? Well if the hacker starts at a, the aa, then ab and so on it will not take them long to get to your password. However, even ‘Pass1′ is harder to guess as the attack needs to look at upper and lower case letters.

Stronger passwords
But even both of these examples are very weak. The longer the password is the longer it will take to go through all of the combinations required to guess it. Stick to lower case letters and numbers and there are 36 characters per position. Include upper case characters and unusual characters and that can jump to 70 or 80 combinations. Expand that to an 8 character long password and the combinations possible becomes 80 * 80 * 80 * 80 * 80 * 80 * 80 * 80! Trying to go through these combinations becomes a lengthy process, during which hopefully the attacker gives up and tries elsewhere.

Send the hacker elsewhere
There are two further tricks to make sure the attacker moves elsewhere. First of all do not use a simple to guess user id. For example, in WordPress, do not use ‘admin’, which is the default. Now the hacker has not just to guess the password but also the user name.

The second security trick is to install a plugin that will block out a hacker from attempting new passwords, such as Limit Login Attempts. This detects a brute force attack and locks out the hacker for a period of time. Suddenly, not only are they trying a lot of combinations but also taking days between guesses.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

If you want to keep up with our latest posts, just follow us on our RSS feed, join our weekly newsletter or follow us over at Twitter. Please do join in - it is totally free and only the best posts are passed to you!

Also, leave a comment below. We are a 'DoFollow' blog, so it is well worth your time. Thanks for calling in.

Similar Articles You Might Like To Read:
    Securing Your Blog With A Better Password It sounds simple, secure your login with a good password. So, why do so many people struggle? I know of...
    Protecting WordPress From Brute Force Hackers So, what can we do to protect out blogs from brute force attacks, where hackers just spend ages trying out...
    Limit Login Attempts And Lock Out Hackers One way hackers will try to hack into a target website is by running a program that tries thousands of...
    Choosing A New WordPress Admin Name If you want to make sure that you beat brute force hackers, then you must change your admin userid. Here...
    Blog Protection From Hackers If you are writing a blog then you have to be aware that you could be the target for hackers...
    Ways Hackers Can Attempt To Attack Your Blog If you are worried about the security of your blog (and if you own a blog, you should be), then...
    Locking Down Your WordPress Admin Login If someone is going to attempt to attack your blog through brute force, a good password and an unusual admin...
    A Good Looking Idea, Not Quite There The last time I wrote I was talking about signing up to and the account problems. Still no joy,...
    How to Prevent Someone Hacking Into Your Blog No-one wants to see their blog hacked, a random message on the home page, messages deleted, links to unsavory websites...
    What To Look Out For Following A Blog Attack Is it always useful to be on the lookout for the signs of your blog being attacked, even if you...