Have you had your WordPress site compromised because a user had a poor password? Well after your conversation about how 12345 is not a secure password install and activate”Emergency Password Reset” and reset all the passwords and automatically email them out to your users.
Emergency Password Reset
When you click reset passwords, the plugin recreates random passwords for every user and emails them the new password. This doesn’t prevent future hacks, your quality of host, and preferably being on a Managed WordPress hosting solution, will help that.
Here are some other steps for security you can take.
The best solution that we use and is provided by WordPress. Install and activate JetPack, then activate the 1 click sign in option. A WordPress.com account is required for this, but doesn’t take long to set up.
Here’s what you need, something you have, something you know, that’s it.
In 2013, Apple released TouchID which lets users unlock their iPhones using their fingerprints. This technology is interesting because the fingerprints are stored locally on the phone, not in the cloud where they would be easier for hackers to steal. But once you get past your devices personal security, go to your Android or App Store and get Google’s Authenticator app.
Why the app?
Well if you don’t mind a text message every time you login then no need for it, but the app helps with managing your accounts if you have more than one. Otherwise you can have multiple rows appear for each account you have to enable authentication to secure your logins.
After going to yoursites.com/wp-admin you can click the “login with WordPress.com” button and you’ll be directed to login with a 6 digit temporary key. If using the app, you’ll have only 30 seconds before a new key appears, so type quickly. Before clicking ok, if available, make sure you tick the box to the left for 30 day remember or you’ll have to do this the next time you login.
See our upcoming article on how to setup 2-step authentication in Jetpack and WordPress.com next week, or contact us to secure your sites login.