How often should you change your website admin password?

[Christopher1]

Passwords are constantly getting phished on the internet. Given that, how often should you change your website admin password?

 

[Fel1x]

Once a month seems like a safe bet.

 

[Boroku]

I've actually never changed my password and I've never been hacked *knock on wood*

 

[Danielle Davidson]

I was also thinking every month or something like that. It's better to be safe than sorry just because it would really stink to end up getting hacked because you didn't check it enough.

 

[NastyGravy]

I agree, I think every thirty days should be fine. If you have a lot of suspicious activity then I would start doing it on a weekly basis. It is always better to be safe than have something happen and wish you had changed it more often.

 

[Baley64bit]

I never do, and I probably should haha but I use such a long and encrypted password I don't think I have to worry about it all that much.

 

[Boroku]

Judging from the posts here, I think may need to start. haha!

 

[DanielGarneau]

A while back I discovered that there are simple things that can be done that make it hard to even find your login form, such as not using the default name for admin login. There are WordPress plugins that allow to rename the default login form from wp-login to something else. Also, I was advised to never use admin as a login name. So it is not just the password that needs to be considered carefully, but also making it difficult to find the login form and the user name used to access the site as an administrator.

 

[Christopher1]

A while back I discovered that there are simple things that can be done that make it hard to even find your login form, such as not using the default name for admin login. There are WordPress plugins that allow to rename the default login form from wp-login to something else. Also, I was advised to never use admin as a login name. So it is not just the password that needs to be considered carefully, but also making it difficult to find the login form and the user name used to access the site as an administrator.

Very true! And that's pretty sweet that there are plug-ins available that change the default wp-login. As it is, it's too easy to guess, and I have no doubt that there are some serious stalkers on the web who will find enough info about anyone to hack.

There's no reason to make it simple!

Solid advice! Thanks!

 

[MrPanos]

Hello,

You can create strong password using password generators: https://identitysafe.norton.com/password-generator/

I usually use the Norton Password Generator. It's free and secure.

 

[Belthazar]

I never change mine, personally. As @Mr.Panos said above, if you just use a randomly generated password that you don't tell anyone, there's nothing to worry about. I generally only change them when I give the password temporary, or I am suspicious of a hack. Anything other than that, there's really no reason to change the password.

 

[Allenafaith]

I've never changed mine since I have a very strong password. I didn't really see the need to.

 

[xXInfectedXx]

I make sure my password is 16 characters+ with capitals, numbers, letters, and I make sure it's highly secure to stop hackers from hacking. I aim to change my password once a month to stop hackers from guessing it or Keystroke logging it. I have a monthly schedule and I stick to it.

 

[ChrisG2010]

WebHostManager (WHM) has a standard that asks you to change your password every 90 days.
I suggest changing them every 90 days or sooner.