Security And Protecting Site
-
Why did my last topic get closed when my last reply never got a response? So, continuing here.
I heard that passkeys are more secure than passwords, but I also heard there are downsides to using passkeys, like if your phone gets lost or stolen.
What's an authenticator app? I never used it. I also heard those aren't really secure either. I currently use SMS for 2FA verification, but the only thing I'm worried about is that SMS can be intercepted.
Is a phone number required for an account? How can I unlink my phone number from my account?
Does WordPress automatically back up your site, or is security all on us? Can I back up my site with a flash drive?
I just want my site secured and protected at the end of the day.
And why does my site link above say http instead of https? I know https is more secure. When I search my site, how can I check if it shows https or http?
The blog I need help with is: (visible only to logged in users)
-
It sounds like you’re mainly trying to understand account security vs site security, so I’ll answer each point clearly.
Passkeys vs passwords
- Passkeys are more secure than passwords because they can’t be guessed or phished.
- Downside: if you lose your phone/device and don’t have a backup method, recovery can be harder.
- Best practice is passkeys + a backup sign-in option (email or recovery codes).
Authenticator apps
An authenticator app (like Google Authenticator, Authy, etc.) generates a time-based code on your device.
- Safer than SMS
- Does not rely on your phone number
- Codes can’t be intercepted over the network
They are considered more secure than SMS.
SMS 2FA
You’re right:
- SMS can be intercepted (SIM swap attacks)
- It’s better than nothing, but not the most secure option
If possible, switch from SMS → authenticator app or passkeys.
Phone number
- A phone number is not required for a WordPress.com account
- If one is linked, you can remove it from:
  - Account Settings → Security → Two-Step Authentication / Account details
- Once removed, use an authenticator app or passkeys instead
Backups
On WordPress.com:
- Your site is automatically backed up by the platform
- You do not need to manage server backups yourself
- You can manually export your content (Tools → Export) and save it to a flash drive if you want an extra copy
That export is a content backup, not a full server snapshot — but it’s enough for most users.
HTTPS vs HTTP
- WordPress.com automatically provides HTTPS
- If you see http://, it’s usually just a redirect or cached link
- Your site is still served securely over HTTPS
To check:
- Open your site in a browser and click the lock icon
- Or manually type https://imanissm.wordpress.com
If it loads with a lock icon, you’re fine.