Despite ongoing efforts to replace password protection with more robust and reliable security solutions â€” such as two-factor authentication or location-based access approval â€” recent research notes that â€œpassword authentication is still ubiquitous although alternatives have been developed to overcome its shortcomingsâ€�.
So why this continued passion for passwords despite their potential problems? Itâ€™s simple: Familiarity and ease of use. The mechanism for password protection is widely understood and easy to implement â€” and in many cases, more complex defense efforts can cause more problems than they solve.
Consider the use case of securing a WordPress website or blog. While site owners could invest substantive time and effort into in-depth security precautions, this popular content management system (CMS) offers built-in password functionality to help defend sites against unwanted access and editing.
In this piece, weâ€™ll explore the pros and cons of password processes and provide an easy-to-follow framework for WordPress page and site password protection.
The Pros of Password Protection
Passwords remain the most common form of digital security because they offer a low bar to entry. If you know the password youâ€™re granted access â€” if you donâ€™t, youâ€™re turned away.
They can also be easily combined with other security solutions to improve overall defense. For example, current-generation smartphones often leverage both biometric technologies â€” such as fingerprint or facial recognition sensors â€” and password-based backups.
And while passwords often get a bad reputation for regular compromise, much of this issue stems from poor password selection. If users select their preferred passwords carefully, donâ€™t use them across multiple sites and adopt a policy of regular password change, itâ€™s possible to significantly reduce digital risk.
Avoiding Password Pitfalls
Passwords arenâ€™t perfect and for attackers looking to expend minimal malicious effort, theyâ€™re a potentially attractive prospect. In truth, however, the biggest risk comes not from external but internal factors â€” users who unintentionally stumble into three common pitfalls:
1. Poor Password Choice
No one wants to forget their password. As a result, itâ€™s tempting to pick something simple and easy to remember â€” but this can rapidly get out of hand. Consider that in 2019, the three most common passwords were â€œ12345â€�, â€œ123456â€�, â€œ123456789â€�. While these are easy for users to remember, theyâ€™re also simple for attackers to guess.
2. Defensive Duplication
The average user now has between 70 and 80 passwords â€” so itâ€™s no surprise that password reuse and duplication is common. The problem? If attackers compromise one account or website using a duplicated password, theyâ€™ve potentially compromised dozens or more.
3. Static Security Practices
The sheer number of passwords required to navigate digital-first landscapes means that users are often reluctant to change login credentials Many also use physical media â€” such as sticky notes â€” to remind themselves of specific site or account passwords. In both cases, the existence of passwords that arenâ€™t regularly updated creates a potential security issue.
How to Password Protect a WordPress Page
If youâ€™re building a WordPress site, chances are youâ€™re continually creating and evaluating new content to see which pages offer the biggest boost to user traffic and search engine optimization.
As a result, itâ€™s critical to protect these posts â€” to ensure that unauthorized users canâ€™t view, edit or delete data before youâ€™re ready to publish pages or have the chance to make critical changes.
But how do you password protect a page? Thankfully, WordPress makes it easy with a quick and painless built-in tool.
Follow these six steps to quickly password protect a single page or post:
- Log in to your WordPress account
- Go to Posts, then All Posts
- Click Edit on a specific page or post
- Using the Publish menu, change the visibility to Password Protected
- Enter a password
- Publish your newly-protected page
1. Log in to your WordPress account.
Make sure to log in as an administrator or you wonâ€™t be able to make any changes to post visibility or security.
2. Go to "Posts", then "All Posts".
From your dashboard, click through to "Posts" and then "All Posts" to select the page or post you want.
3. Click "Edit" on a specific page or post.
Password protection is implemented on a per-post basis, so youâ€™ll need to add security to individual pages as required.
4. Using the Publish menu, change the visibility to "Password Protected".
By default, WordPress pages are set to Public â€” meaning anyone can view them. Private pages can only be accessed by designated Admins and Editors, and Password Protected offers the highest level of security.
5. Enter a password.
Choose your password. As noted by the official WordPress site, the maximum length is 20 characters.
6. Publish your newly-protected page
To apply any changes made, you must click the â€œPublishâ€� button for unpublished pages or posts, or the â€œUpdateâ€� button for already-posted content.
How to Password Protect a WordPress Site
If youâ€™re looking for even more protection itâ€™s possible to password protect your entire WordPress site. This is often a good idea if your site isnâ€™t ready to go live yet or youâ€™re in the middle of in-depth page and post development.
The caveat? WordPress doesnâ€™t natively offer this feature, meaning youâ€™ve got two options: Plugins and HTTP authentication. Letâ€™s explore each in more detail.
There are a host of free and for-pay WordPress plugins that make it possible to password protect your entire site. While the details differ from plugin to plugin, the basics are the same â€” you select a password for your site and specify any exceptions, such as visitors from specific IP addresses, then apply the changes. When users visit your site, theyâ€™ll see a WordPress login screen that requires a valid password for access.
This type of password protection happens at the web hosting level; many web hosting providers now offer one-click HTTP authentication for your website, regardless of what CMS youâ€™re running. Just like plugin-based password protection you select a password for your site along with any exceptions. Unlike plugin solutions, visitors wonâ€™t even see a WordPress logo when they arrive â€” theyâ€™ll simply see a text box asking them to log in.
Keep it Secret, Keep it Safe
Despite potential pitfalls, passwords offer substantive protective benefits â€” so long as users avoid common letter and number combinations, donâ€™t duplicate these defenses and regularly update login credentials.
For WordPress website owners and administrators, meanwhile, the judicious use of passwords offers peace of mind by limiting access to reduce potential security risk.