No matter how much I emphasize how important it is to keep them safe, inevitably I get an email from a present or past client asking me to resend their passwords to them. Often it’s the hosting password that is forgotten as it is not used as often as the WordPress admin password (or some other CMS admin password). Since I’ve observed confusion on what each password is for, I decided to write this post.
Why Two Passwords?
Content Management Systems (CMS) such as Joomla or WordPress make it easier for non web designers to edit their websites, not only do users get easier to use WYSIWYG (what you see is what you get) interfaces, but you are often skipping the step of having to upload your work from your local computer to server (using the dreaded FTP that seems to stymie a lot of people). So where does the two passwords come in?
- Password #1 is the password to your hosting account. Here is where you manage the billing for your account, setting up email accounts and other hosting features usually through a cPanel. Often you manage your domain from this account as well. Once your website is set up (eg. WordPress is installed and configured) this password is not needed very often, however it’s important to keep track of.
- Password #2 gives you access to your CMS (such as WordPress admin). If you want to add a page to your site or shuffle the order of your sidebar widgets, this is where you want to log in. Some people refer to a system like this as a “backend” as “I’m having trouble logging into my WordPress backend.”
Systems such as WordPress, can be thought of their own little eco-systems. The web server and hosting account doesn’t really know about your website, it just serves up files to browsers as they are requested.
Yes, You have to Keep Track of Your Passwords
And writing them down on scraps of paper is not a proper password management system. We all have passwords, we have to remember. I have hundreds. I don’t recommend using the browser to remember your password (when it asks whether to remember the password for a given site I say never). I use different browsers and computers and it’s not particularly secure. If you are looking for a password manager, I use Password Safe but RoboForm is really good too.
Use Secure Passwords
Many systems today have indicators telling you whether your password is weak or strong as you create one. Some enforce “strong” passwords, you have seen these I’m sure: eg: has to be at least eight characters, contain 1 digit, 1 uppercase character and 1 special characters. These restrictions are not there just to make your life miserable, there is a reason for them – the more you can adopt these guidelines for all your passwords the more secure you will be.