We encourage all users on VIP sites to follow best practices when it comes to securing their devices, accounts and access to VIP tools. Two-factor authentication is required for all users with the ability to publish to a VIP site and we also recommend following at least these basic steps:
- Set a login password for all user accounts on your computer.
- Set a complex (more than 4 character) passcode to unlock your mobile devices. Do not use fingerprints or patterns.
- Enable a screen saver that activates after a short period of time and requires a password to turn off.
- Use only strong passwords. Never use the same password in more than one place.
- Use a password manager such as 1Password or LastPass.
- Never put passwords in text documents, Google Docs, intranet pages, post-it notes or other unencrypted forms of storage.
- Use two-factor authentication (2FA) for any services that support it, including WordPress.com accounts, Google apps such as Gmail, Dropbox, Twitter, Facebook, GitHub, iCloud, LinkedIn, PayPal and others. Do not store 2FA backup codes anywhere online. We strongly recommend using an authenticator app, such as Authy or Google Authenticator, over SMS-based two-factor authentication.
- Turn on device locating services such as “Find My Mac” for Apple laptops or “Find My iPhone” for iPhones.
- Encrypt your computer’s hard drive, and make sure any backups are encrypted too.
- Install and run anti-virus software with the latest virus definitions.
- Enable your computer’s firewall.
- Ensure that your home and office network routers are running the latest firmware and aren’t using default passwords.
- Be suspicious of any unusual requests to share sensitive information, such as usernames, passwords or other personal data. Report any such requests and “phishing” attempts.
- If working in public, use a privacy screen to prevent your activity being seen.
If you have any security-related questions about your WordPress.com account, your VIP site or any related service, please contact us via support ticket.