Think about website security the same way you think about money in a bank. To keep your money safe, your bank takes many security measures: vaults, security guards, deposit insurance, and so on.
Likewise, you have to take certain security precautions on your end, such as keeping a close watch on your debit card and online banking information, because a mistake could leave your account vulnerable.
Luckily, WordPress.com makes sure your website is secure and well-protected. So what steps can you take on your end to bolster your site’s security?
These four website-security tips will help give you peace of mind — with no coding experience required.
1. Choose hard-to-crack passwords
Although easy to remember, “Password123” is not a very secure password. The first step in reducing the likelihood of getting hacked is creating a password that takes some serious effort to crack — lengthy, random selections of letters, numbers, and symbols work best.
Ideally, you can use a random password generator and free password-management software to help you keep track of your passwords in one place. You can read more about how to do this here.
2. Use two-step authentication
Since the latest hacking tools can enter up to 350 billion password guesses per second (yes, that’s 350,000,000,000), even a strong password can be hacked by a sophisticated attacker.
That’s where two-step authentication comes in. You can have a security code sent to you via text message each time you log in to your site. So unless someone has your password and your mobile phone, they won’t be able to access your account.
Thankfully, as you can see here, WordPress.com provides its users with a secure, step-by-step authentication process.
3. Log out after each use
Let’s say you’re working on your WordPress.com site on a public computer. You realize you’re going to be late for your next appointment, so you hop up and head out . . . without signing out of your site.
Hopefully, the next person to use the computer will be a good Samaritan and close out of the window for you. But if they don’t, you’ve left your website (and any other accounts that share the same username and password) wide open to an attack.
As a rule, always log out of your site when you’re done working on it. This is a good habit to get into even when using your own computer.
4. Limit additional users and roles
Are you the only person with a user account on your site? Great! That reduces the likelihood that your website will be hacked. Each additional person who has login access to your site increases your security risks.
However, sometimes you have to let other people use your site: an employee, personal assistant, or a regular guest writer. So what can you do to keep a tight leash on your website’s security?
The best step is to limit your additional users’ roles to the “Contributor” or “Author” levels, which decreases the amount of damage a hacker could do if they were to gain access to your site through these other accounts. This support page on user roles shows you how to do this.