Now in Beta: Enforce Two-Step Authentication Across Your Network

Here at WordPress.com VIP, we have all sorts of magic behind the scenes to keep your sites safe and secure. However, it’s equally important that your users keep their logins safe by following security best practices.

Last year, we introduced Two-Step Authentication for WordPress.com accounts, making it dramatically more difficult for an account to be compromised. Many of our VIP customers have requested a way to enforce Two-Step Authentication for all users across their sites. We heard you.

Last week, we completed a new feature that allows you to enforce this rule so that users are treated as contributors (meaning they can’t publish anything or change options) unless they first enable Two-Step.

We are currently seeking beta testers to help us test this feature. If you’re interested, please let us know via vip-support@wordpress.com.

And, here’s a quick primer on our recommended security practices:

  1. Never give your password to anyone.
  2. Never use the same password twice. To help with managing passwords, use a program like 1Password or LastPass.
  3. Use high-entropy passwords. If you are using a randomly generated password, it should be at least 24 characters and have numbers, mixed case letters, and symbols.
  4. Protect your computer with a password, and be sure to “lock” the screen anytime you step away from your machine.
  5. Use Two-Step Authentication!

More on security: Site and Security Monitoring Add-On.