Password Security

In addition to attacks that focus on outdated website or CMS software, there are attacks focused on defeating weak or default passwords. Weak passwords are short and often contain common words or, in worse cases, simple number combinations. Default passwords are the ones left in the configuration of web servers, databases, and web-based control panels such as cPanel. There are more bots than you could count scouring the internet as you read this, trying to log into systems using default or weak passwords. Every system behind your website has a password that needs to be strong: the web control panel, database, CMS, and FTP for file transfers.

Strong passwords are an easy way to fight against web infections. Password strength is achieved by using longer, more complex passwords. The recommended minimum length is 8-12 characters. Passwords should be random and should not contain words with numbers standing in for letters, such as “p1n3c0ne” or “hax0r”; this substitution is easily defeated as well. Strong passwords should also be as complex and random as possible, containing lowercase and uppercase letters, numbers, and special characters such as % and /. At Ping IT Services, when we set passwords on critical assets such as websites, we typically use a password generation tool. This way the password is very random and as complex as it can be within reason. The Gibson Research Corporation has an excellent online password generator that we use often.
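
The following is an added example, not code from Ping IT Services or from the Gibson Research Corporation generator: a Python generator that draws from the operating system's cryptographic random source, plus a check showing why “p1n3c0ne” and “hax0r” fail once the letter substitutions are undone. The symbol set, the 16-character default, the 12-character minimum, the sample word list and all function names are assumptions made for this example.

```python
import secrets
import string

# Assumptions for this example: symbol set, default length 16, minimum length 12.
SYMBOLS = "%/!#$*+-=?@_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)

# Common digit/symbol-for-letter swaps, undone before the word check.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample list; a real check would load a large dictionary.
SAMPLE_WORDS = frozenset({"pinecone", "haxor", "password", "admin", "welcome"})


def contains_disguised_word(password, words=SAMPLE_WORDS):
    """True if a listed word appears once letter substitutions are undone."""
    normalized = password.lower().translate(LEET)
    return any(word in normalized for word in words)


def has_all_classes(password):
    """True if lowercase, uppercase, digit and symbol are all present."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def is_acceptable(password, min_length=12):
    """Length, character-class and disguised-word checks combined."""
    return (len(password) >= min_length
            and has_all_classes(password)
            and not contains_disguised_word(password))


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every check passes."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_acceptable(candidate):
            return candidate


if __name__ == "__main__":
    for weak in ("p1n3c0ne", "hax0r"):
        print(weak, "-> disguised word:", contains_disguised_word(weak))
    print("generated:", generate_password())
```

The `secrets` module is used instead of `random` because `random` is not designed for security-sensitive values.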