
KeePass password management for WordPress

Passwords; we’re always told how important it is to use passwords that will help us be secure on the web.

If you only have a couple to remember, I recommend using hard-to-remember passwords and carrying them with you written down. But who only has a couple of passwords nowadays?

I’ve just created another WordPress site for a client and used my normal method of password management. Considering the quantity of passwords required in setting up a new site, I thought I’d document it here.

So what passwords does a WordPress site usually need?

  • Hosting passwords e.g. FTP
  • WordPress SQL database
  • Administrative user password (and possibly the user name too)
  • Various other users created for the client.
  • Associated accounts for email, web storage, social media, analytics etc.

As you can see, a basic site will entail a double-figure number of passwords, so it’s easy to see why some people would reuse the same password. This is where security risks can be introduced.

Here’s where a password manager comes in useful.

A password manager allows the user to create a database of passwords with only a single password to open it. Here’s a Windows application asking for the master password for a newly created database:

Screenshot of KeePass
Master password for database

I use KeePass Password Safe for both Windows (http://keepass.info/) and Android (https://play.google.com/store/apps/details?id=com.android.keepass&hl=en). I keep the corresponding database file on Dropbox, so my password database is always synchronized between devices.

Here you can see the entries of an example database created for this blog post, with default entries:

Screenshot of KeePass entries
Default entries in new KeePass database

One of the advantages of using KeePass is the password generator, which allows you to create a password that matches the rules you set, e.g. password length and the use of letters, numbers and special characters. Here we can see the password generator of KeePass, with its extensive options:

Screenshot of password generator
Options dialog for password generation

If a site stipulates that it requires a password with a maximum of 20 characters, then I generate a password of 20 characters. Imagine how tiresome all this would be without a password manager.

On Android, the application KeePassDroid is used to open the database located in the cloud, and the password is then provided. Here we see the same database opened on an Android device:

Screenshot of KeePassDroid
Database opened with KeePassDroid

Once an entry has been selected, KeePassDroid places items in the pull-down notification area, allowing the username and password of the selected entry to be copied and then pasted in any running Android application.

So there you have it: an end to the nightmare of maintaining many passwords. I usually create a database for the site I’m working on and pass it on to the client when the site is ready.
