Protect Your Website Passwords

password promptWe all know how important it is to protect your banking and shopping accounts with strong passwords. But your website and email need the same protection. If hackers can determine your login for your domain registration, website control panel, WordPress admin or email account, they can cause a lot of damage. It’s critical that you use strong passwords that can’t be easily cracked, and that you share them only as necessary.

In this article we explain why it’s so important to choose passwords wisely and protect them. In the next installment we’ll give you some tips for choosing and using strong passwords.

Domain Name

Your domain name, for example “yourbusiness.com,” represents your identity on the web. If someone gets access to your domain registrar account, they can point your domain to a porn or spam site or even transfer the domain to a new owner. For this reason we recommend:

  • Make sure you know where your domain is registered and can put your hands on your password.
  • Share the password only when absolutely necessary. Domain configuration is generally needed only when you are setting up a new site or when you are moving your site and/or your email to a new server.
  • Register your domain with a different company from the one hosts your website. This way you can give a web developer or search engine marketer access to your website content without giving them access to the domain.

Website Control Panel

Your website control panel (sometimes called “cPanel”) is used by your webmaster primarily to set up your databases and email accounts, perform backups and access activity logs. Whoever has access to the control panel can change its password, delete or corrupt your database, change your website content or add email accounts to be used as spam relays. They can even inject hidden spam links or malware into your website without you realizing it. We recommend:

  • Make sure you know where your website is hosted and can put your hands on the login information for your control panel.
  • Share the login information only with your trusted webmaster.

Admin Account for Your Content

This is the account that you use to update your content if you use a content management system (CMS) like WordPress, Drupal or Joomla. This account is used by you and your webmaster to update content on the website. In addition, your webmaster will need access for keeping your core code and plugins up to date and for customizing templates. Whoever has access to the CMS admin can edit your content or install software that will inject spam links or malware into your pages. We recommend:

  • Make sure you know what CMS your website uses and the location for the admin login.
  • Make sure you know an administrator-level username and password for your site, even if you don’t use it.
  • Ensure that all logins with editing privileges have strong passwords that can’t be easily cracked.
  • Don’t share the administrator login information with anyone but your trusted webmaster.

All Email Accounts on Your Server

It’s obvious that we want good email passwords for privacy reasons. But you may think, “hey, no one’s going to be interested in reading my mail.” You are probably right: unless you’re an elected official or movie star, there’s little chance that someone’s going to hack your email address just to read your mail.

But there’s another important reason to secure your email address. If spammers figure out your email password, they can use your email account to send spam. Lots of spam. We recently saw a case where a spammer cracked an easy password and relayed over 700,000 spam messages through the victim’s email server in just a few hours. As a result, that email account and all other email accounts sharing that server were blacklisted and couldn’t send mail reliably for days.

The Good News

Sorry to paint such a black picture! But the solution is easy. You just need to choose good strong passwords and protect them. In the next article we recommend a few tips and tools that can help.