Despite ongoing efforts to replace password protection with more robust and reliable security solutions โ such as two-factor authentication or location-based access approval โ recent research notes that โpassword authentication is still ubiquitous although alternatives have been developed to overcome its shortcomingsโ.
So why this continued passion for passwords despite their potential problems? Itโs simple: Familiarity and ease of use. The mechanism for password protection is widely understood and easy to implement โ and in many cases, more complex defense efforts can cause more problems than they solve.
Consider the use case of securing a WordPress website or blog. While site owners could invest substantive time and effort into in-depth security precautions, this popular content management system (CMS) offers built-in password functionality to help defend sites against unwanted access and editing.
In this piece, weโll explore the pros and cons of password processes and provide an easy-to-follow framework for WordPress page and site password protection.
The Pros of Password Protection
Passwords remain the most common form of digital security because they offer a low bar to entry. If you know the password youโre granted access โ if you donโt, youโre turned away.
They can also be easily combined with other security solutions to improve overall defense. For example, current-generation smartphones often leverage both biometric technologies โ such as fingerprint or facial recognition sensors โ and password-based backups.
And while passwords often get a bad reputation for regular compromise, much of this issue stems from poor password selection. If users select their preferred passwords carefully, donโt use them across multiple sites and adopt a policy of regular password change, itโs possible to significantly reduce digital risk.
Avoiding Password Pitfalls
Passwords arenโt perfect and for attackers looking to expend minimal malicious effort, theyโre a potentially attractive prospect. In truth, however, the biggest risk comes not from external but internal factors โ users who unintentionally stumble into three common pitfalls:
1. Poor Password Choice
No one wants to forget their password. As a result, itโs tempting to pick something simple and easy to remember โ but this can rapidly get out of hand. Consider that in 2019, the three most common passwords were โ12345โ, โ123456โ, โ123456789โ. While these are easy for users to remember, theyโre also simple for attackers to guess.
2. Defensive Duplication
The average user now has between 70 and 80 passwords โ so itโs no surprise that password reuse and duplication is common. The problem? If attackers compromise one account or website using a duplicated password, theyโve potentially compromised dozens or more.
3. Static Security Practices
The sheer number of passwords required to navigate digital-first landscapes means that users are often reluctant to change login credentials Many also use physical media โ such as sticky notes โ to remind themselves of specific site or account passwords. In both cases, the existence of passwords that arenโt regularly updated creates a potential security issue.
How to Password Protect a WordPress Page
If youโre building a WordPress site, chances are youโre continually creating and evaluating new content to see which pages offer the biggest boost to user traffic and search engine optimization.
As a result, itโs critical to protect these posts โ to ensure that unauthorized users canโt view, edit or delete data before youโre ready to publish pages or have the chance to make critical changes.
But how do you password protect a page? Thankfully, WordPress makes it easy with a quick and painless built-in tool.
Follow these six steps to quickly password protect a single page or post:
- Log in to your WordPress account
- Go to Posts, then All Posts
- Click Edit on a specific page or post
- Using the Publish menu, change the visibility to Password Protected
- Enter a password
- Publish your newly-protected page
1. Log in to your WordPress account.
Make sure to log in as an administrator or you wonโt be able to make any changes to post visibility or security.
2. Go to “Posts”, then “All Posts”.
From your dashboard, click through to “Posts” and then “All Posts” to select the page or post you want.
3. Click “Edit” on a specific page or post.
Password protection is implemented on a per-post basis, so youโll need to add security to individual pages as required.
4. Using the Publish menu, change the visibility to “Password Protected”.
By default, WordPress pages are set to Public โ meaning anyone can view them. Private pages can only be accessed by designated Admins and Editors, and Password Protected offers the highest level of security.
5. Enter a password.
Choose your password. As noted by the official WordPress site, the maximum length is 20 characters.
6. Publish your newly-protected page
To apply any changes made, you must click the โPublishโ button for unpublished pages or posts, or the โUpdateโ button for already-posted content.
How to Password Protect a WordPress Site
If youโre looking for even more protection itโs possible to password protect your entire WordPress site. This is often a good idea if your site isnโt ready to go live yet or youโre in the middle of in-depth page and post development.
The caveat? WordPress doesnโt natively offer this feature, meaning youโve got two options: Plugins and HTTP authentication. Letโs explore each in more detail.
Plugins
There are a host of free and for-pay WordPress plugins that make it possible to password protect your entire site. While the details differ from plugin to plugin, the basics are the same โ you select a password for your site and specify any exceptions, such as visitors from specific IP addresses, then apply the changes. When users visit your site, theyโll see a WordPress login screen that requires a valid password for access.
HTTP Authentication
This type of password protection happens at the web hosting level; many web hosting providers now offer one-click HTTP authentication for your website, regardless of what CMS youโre running. Just like plugin-based password protection you select a password for your site along with any exceptions. Unlike plugin solutions, visitors wonโt even see a WordPress logo when they arrive โ theyโll simply see a text box asking them to log in.
Keep it Secret, Keep it Safe
Despite potential pitfalls, passwords offer substantive protective benefits โ so long as users avoid common letter and number combinations, donโt duplicate these defenses and regularly update login credentials.
For WordPress website owners and administrators, meanwhile, the judicious use of passwords offers peace of mind by limiting access to reduce potential security risk.