How to Choose a Secure Password for WP Admin [4 EASY Ways]

how to choose a secure password for wp admin

How secure is my password? It’s a common question asked by website owners. If you’ve built a WordPress website, you want to make sure to choose a good password for your WordPress admin area to keep your website safe. If your WP admin password is too obvious or easy, attackers can easily gain access to your WordPress site and to your sensitive information such as personal data or payment details.

So, if you’re wondering how to choose a secure password for WP admin, we can help you out. In this article, we’ll go over how to choose a secure password so that you can make sure your WordPress website is safe from intruders.

Password Security Statistics: Why Do We Need Strong Passwords?


More website owners need to be asking the question “How secure is my password?” in order to protect themselves. It’s taken you a lot of time and effort to build a WordPress website, so you don’t want to lose all of your hard work due to a weak password. Whether you run a popular eCommerce website or you have a personal WordPress blog, you’re at risk of intruders on your site who are not only after your sensitive information, but looking to take over your content to post spam and malware too.

Take a look at these statistics that show how important it is to pick the perfect password for your WordPress website and other online accounts.

  • Hacked passwords cause 81% of data breaches. (CSO)
  • 15.4 million people were victims of identity theft in 2016. (CNBC)
  • In the same year, consumers lost $16 billion due to fraudsters.
  • It only takes 15 minutes for a code-breaking program to figure out an 8-character password.
  • 8% of WordPress security breaches happen as the result of a weak password. (WPSmackdown)
  • Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute. (WPPlugins)

As you can see, choosing a secure password for your WordPress admin area is essential to protect your website. But still, many people fail to realize that choosing a good password is their first line of defense against attackers. In fact, take a look at SplashData’s list of the top ten worst passwords that proves users are still not picking secure passwords:

    1. 1. 123456
    1. 2. password
    1. 3. 123456789
    1. 4. 12345678
    1. 5. 12345
    1. 6. 111111
    1. 7. 1234567
    1. 8. sunshine
    1. 9. qwerty
    1. 10. iloveyou

If your password is on this list, hackers can break in easily using brute force attacks.

While your password might not be as weak as the ones on this list, you still need to find out how secure your password is and learn some tips for how to choose a better password. So, let’s get into our guide for how to choose a secure password for WordPress admin.

1. Choose a Strong Username

When protecting your WordPress website from attackers, you don’t only need to pick a strong password, you need to choose a strong username as well. A strong username is just as important as a strong password. After all, if someone wants to get access to your WordPress admin area, they’ll need to figure out both your password and your username. If you choose a weak username, you’re removing an extra layer of security for your website.

Many users will choose to make their username “admin”, their name, or their email address. These username options are all too easy for intruders to figure out. So, choose something less obvious.

It’s also important not to choose a username that’s too obscure either. You have to be able to remember your username because in the case that you forget your password, your username is needed to retrieve it.

When choosing a good username for WordPress:

  • Avoid adding too many numbers and special characters, this will make it too difficult to remember.
  • Choose a username that’s not related to the content of your website.
  • Don’t include any personal details or information in your username.
  • Pick a username that’s personal and memorable to you, but would be hard for someone else to guess.

It’s also important to remember to hide your WP admin username from being displayed on your website pages. In your WordPress dashboard, go to Users, then to Your Profile. Go to the Display name publicly as and make sure to choose your nickname to display on your website instead of your username.


This way, your username will not appear in blog posts or other areas of your website for attackers to see.

2. Follow Strong Password Best Practices

Next, when choosing a secure password for your WordPress website, it’s best to follow strong password best practices. When you try to create a new password in WordPress, it will prompt you to select a strong password by giving your input a score.

strong password

To help you come up with a strong password that bots won’t be able to crack, there are a number of tips you should follow including:

  • The Longer The Better – The shorter your password is, the easier it will be for intruders to figure out. So, choose a password that’s at least 10 characters long.
  • Make it Unique – Don’t use common phrases like “iloveyou”, make it unique.
  • Add Something Special – Add numbers, special characters, and a mix of lowercase and uppercase letters.
  • Avoid Personal Details – Don’t create your password using personal details that can be associated with you like a pet’s name, your birth date, or the city you live in.
  • Avoid Dictionary Words – Hackers have sophisticated programs that search through thousands of dictionary words, so don’t pick a password that’s straight out of the dictionary.
  • Create a “Pass-phrase” – Instead of choosing a password like “pizza”, choose a pass-phrase which is a bunch of random words joined together like “pizza pumpkin window shoe”.

With these best practices for choosing a strong, secure password, you’ll have no problem coming up with a password that will make your WordPress website impossible to break into.

3. Use a Password Generator Tool

Instead of trying to figure out a strong password on your own, you can also use a password generator tool. A password generator tool will allow you to instantly get a rock-solid password that no hacker will be able to figure out.

There are a number of free password generator tools available online but we recommend using IsItWP’s own Free Strong Password Generator Tool.


With our Free Strong Password Generator Tool you can choose how long you’d like your password to be, and whether you want to include uppercase letters, numbers or special characters. Just press the blue circle to generate your strong password, and if you don’t like it, press it again to instantly get another option.

Our tool will also tell you how complicated your password would be for hackers to figure out. For example, with the generated password in the image above, it would take 986,415 years to crack that password. Your WordPress website will be safe for the rest of time with a password as strong as this one.

While a combination of letters, numbers, and special characters is extremely difficult for intruders to figure out, it might be too difficult a password for you to remember. If that’s the case, with our Free Strong Password Generator Tool, you can also generate a password that’s easier to remember while still being exceptionally strong. Simply check the Easy to Remember field to generate a password that’s easily memorisable.

Generate Your Secure Password Now »

4. Don’t Use the Same Password for Multiple Accounts

Whichever strategy you use to find the strongest password for your WordPress website, never use the same password for multiple accounts. If you’ve got a strong, secure password for your email account, don’t use that for your WordPress admin; create a new one. And once you’ve come up with a strong password for your WordPress site, don’t use it for anything else.

It can be tempting to use 1 strong password for all of your accounts so that you won’t forget your passwords. But, using the same password for multiple accounts will only make it easier for hackers to break into a number of your accounts, not just one. The only thing worse than having 1 account broken into, is having all of your accounts broken into.

“How secure is my password?” With these tips, you’ll no longer have to ask that question. Now that you know how to choose a secure password for your WP admin, you can keep your website and all of your other online accounts safe and protected. If you enjoyed this article, check out our other posts on How to Secure Your WordPress Forms with Password Protection and How to Create a Password Protected Page in WordPress.

Comments   Leave a Reply

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WordPress Launch Checklist

The Ultimate WordPress Launch Checklist

We've compiled all the essential checklist items for your next WordPress website launch into one handy ebook.
Yes, Send Me the Free eBook!