Usernames & Passwords

UNIQUE Usernames

Are you using the username ADMIN when logging into your Joomla! control panel?

If YES CHANGE IT to something totally unconnected with you and your interests.

Are you using your name?

If YES then DON'T.

Use something UNIQUE and which is totally unconnected with you and your interests.

Are you using your email address?

If YES, then is it one that includes your name and which is publicly available on the web?

Oops, create a new email account using a word that is totally unconnected with you and your interests.

By now you have probably got the message!



If you want to protect your Joomla! CMS from a brute force attack then you MUST use a UNIQUE COMPLEX password for every application and website you use, including:

  1. Joomla! CMS Control Panel login,
  2. Hosting Control Panel login,
  3. FTP login (when separate credentials are supported by your hosting company),
  4. email account, and
  5. every other application you can think of.

By COMPLEX we mean:

  1. 16 + characters.
  2. no repetition, usernames, dictionary words, letter or number sequences,
  3. not using relative or pet names, likes, dislikes, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates) - or anything you publish in your social media profile!
  4. numbers and special characters as well as letters (Exampl: . - _ ! " £ $ % ).
  5. upper-case and lower-case letters,
  6. random, and
  7. unmemorable.


Some Password Tips

NEVER let your web browser or FTP client remember your usernames or passwords when you are logging in.

DO NOT store passwords in an unencrypted file, for example, a TXT file.

USE a Random Password Generator to create genuinely unique random passwords - see below.

USE a Password Manager application to securely store passwords on your computer or mobile storage device (example: pen drive) in encrypted form - see below.

DO NOT share your username and password for any of these resources with anyone.

IF a website offers two-factor authentication, use it.

Read more: Two Factor Authentication.

Should you change your password often?

This is often recommended.

However, some experts say there is no need to keep changing your passwords providing you:

  • create complex unique passwords, and
  • store them in a secure place i.e. using a Password Manager.

Of course if you suspect a password has been compromised then you should change it immediately.