We encourage all users on VIP sites to follow best practices when it comes to securing their devices, accounts and access to VIP tools. We realize these practices will vary across organizations, but we recommend following at least these basic steps:
- Set a login password for all user accounts on your computer.
- Enable two-step authentication for your WordPress account.
- Set a complex (more than 4 character) passcode to unlock your mobile devices.
- Enable a screen saver that activates after a short period of time and requires a password to turn off.
- Use only strong passwords. Never use the same password in more than one place.
- Use a password manager such as 1Password or LastPass.
- Never put passwords in text documents, Google Docs, intranet pages, post-it notes or other unencrypted forms of storage.
- Use two-step authentication for any services that support it, including WordPress.com accounts, Google apps such as Gmail, Dropbox, Twitter, Facebook, Github, iCloud, LinkedIn, PayPal and others. Do not store 2FA backup codes anywhere online.
- Turn on device locating services such as “Find My Mac” for Apple laptops or “Find My iPhone” for iPhones.
- Encrypt your computer’s hard drive, and make sure any backups are encrypted too.
- Install and run anti-virus software with the latest virus definitions.
- Enable your computer’s firewall.
- Ensure that your home and office network routers are running the latest firmware and aren’t using default passwords.
- Be suspicious of any unusual requests to share sensitive information, such as usernames, passwords or other personal data. Report any such requests and “phishing” attempts.
If you have any security-related questions about your WordPress.com account, your VIP site or any related service, please contact us via support ticket.