If you run a website, your content management system (CMS) is the brain of the operation. It’s where you log in, make updates, and control who sees what. That’s why a strong password isn’t just “nice to have” — it’s your first and most important line of defence when it comes to protecting your website and pretty much everything else you need a password for. We receive customer feedback on a reasonably regular basis regarding the use of strong passwords. We get it, it’s a pain to have to manage lots of different, long and complicated passwords!
While we can’t force clients to follow our advice, we can only advise them on the best practices they really should follow, as well as those that we definitely follow.
Hackers don’t always “guess” your password by hand. They use tools that try millions of combinations in seconds. Weak or reused passwords make their job easy. If someone gets into your CMS, they can:
A strong password makes these attacks much harder and often not worth the effort.
A strong password is:
Good example: Jelly-Tiger!7-Maple-Cloud
REALLY bad example: Password123 or Summer2025
Tip: Passphrases are great. Try four or five random words with numbers and symbols between them. They’re easier to remember and still strong.
If one site is breached, attackers will attempt to use the same email and password combination everywhere else. Reusing passwords turns one problem into many. Keep each account unique.
Remembering dozens of long, unique passwords is tough. A password manager:
Popular password managers work across your phone and computer, and many offer family or team plans.
2FA adds a second step — like a code from an app or a hardware key — after your password. Even if someone steals your password, they still can’t log in without that code. Use an authenticator app (such as 1Password or Google Authenticator) instead of SMS whenever possible for enhanced security.
Hackers often try to trick you into giving up your password:
Strong passwords are the easiest win in website security. Use long, unique passwords, a password manager, and 2FA, and you’ll shut down most common attacks before they even start. Your website — and your visitors — will thank you.
© Enrapture Media is a trading name of Enrapture Limited - Building online solutions since 2009