A benefit of having your site on WordPress.com is that the bulk of site security work is handled for you. Your software is automatically kept up to date and security monitoring is in place to block potentially harmful activity. In addition to these automated services, Carrie shows you some other security measures you can take.
- [Voiceover] From my profile, let's take a look at our security settings. One of the benefits of having your site on WordPress.com is that the bulk of the work to keep your site secure is done by the service. They monitor potentially harmful activity to make sure there's no unauthorized access to your content. That said, there are a few things you can do to protect your data and make sure your site is even more secure. The number one most important thing you can do is to use a strong password. I can't emphasize this enough. Use a strong password.
The name of your pet, your child, or your spouse's birthday are terrible options for creating a password. Yes, they're easy to remember, but those are things people could easily guess. Strong passwords are longer and should contain a mixture of numbers and characters. There are various tools available online to help you create passwords, but good ol' WordPress has a strong password generator built right in. You can toggle this eye icon on or off to make your password visible or hidden. Let's go ahead and see what the strong password looks like.
Now that's a good looking password, but who could possibly remember it? This is where a password manager comes in really handy. It does the remembering for you. Now at the least, you could use your browser to remember your password, but even better is to use a password manager. Let me show you a few options. First, we have Keepass, it's open source, it's free to download, and it's available for Windows, Mac, and Linux. Next, we have LastPass. It's a free service, with a premium option. It's available for all major operating systems, browsers, and mobile devices.
Lastly, we have 1Password. This is a paid download, and it's available for all operating systems, and support for major browser in mobile devices. In case I haven't convinced you to use strong passwords, let me show you one more thing before we move on. This is a fun site where you can see how much time an average computer would take to hack your password. I'll put in a goofy password, like Carrie123, and see that it could be hacked in no time flat. On the other hand, let's pop in this password generated by WordPress, and you can see that it's super secure.
If you want to use the WordPress.com generated password, just click save. One thing to be sure of though, is remember to copy this password and save it to your password manager before saving it in WordPress. Otherwise, you'll lock yourself out and need to reset your password. Our next security option is two-step authentication. Two-step, or two factor authentication, adds an extra layer of security for your site. Your username and password is the first step of authentication, then you're required to enter a randomly generated pass code as second step.
The code is typically sent via text message or generated by an app on your smart phone. Two-step authentication is a fairly common practice for financial institutions, so you may already be familiar with the process. While it does provide that extra layer of security, it also means you have to do an extra step when logging in, which, not everyone will appreciate. Whether or not you use it is totally up to you. Moving on, let's talk about connected applications. WordPress.com allows you to connect with third-party applications to extend your WordPress.com site.
This is done in a secure way, so that approved third-party apps can access certain parts of your site without needing your password. If you click the arrow next to an app, in this case, Gravatar, you can see exactly what permissions are granted to this app. Earlier in the course, we gave Gravatar permission to access the site in order to associate my image with my WordPress.com account. In the future, should I decide I don't want to use Gravatar for some reason, I could come to this section and simply disconnect the app. Even though you have to purposefully grant permission to apps to access your account, I found that over time, I forget what all I've connected to.
It's a good idea to check this area on occasion to make sure you're only connected to apps you're still using. Our last security option is to set a recovery email address and phone number, or SMS number. I recommend doing this for a couple of reasons. One, every once and a while, I'll inevitably lose a password. As long as I have an alternative email address, or a phone number entered here, I can still access my account. Secondly, imagine if you have an email address with a particular company, or service provider. Even though people don't change their email addresses as often now, as in the early days of the web, it's quite possible you could find yourself with an email address on your account that you no longer have access to.
The moment you try to reset your password, you're in for a heartache, unless you've set up one of these backup options. So now that we've talked a bit about your site's security let's take a look at notification options. So note the bell icon here. It corresponds to that bell up on your WordPress.com toolbar. This section is where you set your notification preferences, and the section on your toolbar is where you receive your notifications. You have the option here to set notifications for your site, for comments you leave, for WordPress.com news, and for your reader subscriptions.
For site notifications and your comment notifications, you can specify a preference for an alert on your site, accessible when you're logged in or via email address or both. If you don't log in to your site frequently, I'd recommend using both online and email notifications. That way, you don't miss out on any interactions. After all, it's really cool to get a response from someone on something you've written and email notifications are a good way to make sure you see it. If you're logged into your site daily, or write a really popular post that generates a ton of comments, you might be annoyed at getting a ton of email notifications, so go through and select the options that are best for you.
As for the updates, consider these bonus emails from WordPress.com. Even if you uncheck all of these, you'll see get any mission critical emails from WordPress but, I'd recommend leaving these checked for a little while, just to see if you like the content that WordPress.com is sending. If not, you can always come back and change your settings. As always, if you make changes, don't forget to click the save settings button. Lastly, we have notification options for reader subscriptions. I'll be talking about the reader later in this course, and we'll address these options in more detail then.
- Creating a WordPress.com account
- Updating your profile
- Importing content
- Publishing posts
- Applying categories and tags to posts
- Inserting images, videos, and other media
- Creating a new page
- Customizing your site with themes and widgets
- Managing users, notifications, and comments
- Using WordPress.com apps
- The limits of WordPress.com and the benefits of self-hosting