Security And Protecting Site
-
Why did my last topic get closed when my last reply never got a response so continuing here
I heard that passkeys are more secure than passwords but I also heard there are downsides to using passkeys like if your phone gets lost or stolen
What's an authenticator app? I never used it. I also heard those aren’t really secure either. I currently use sms for 2fa verification but the only thing I’m worried about is that sms can be intercepted
Is phone number required for account? How can I unlink my phone number from my account
Does WordPress automatically back up your site or is security all on us? Can I back up my site with a flash drive
I just want my site secured and protected at the end of the day
And why does my site link above say http instead of https. I know https is more secure. When I search my site how can I check if it shows https or http
The blog I need help with is: (visible only to logged in users)
-
It sounds like you’re mainly trying to understand account security vs site security, so I’ll answer each point clearly.
Passkeys vs passwords
- Passkeys are more secure than passwords because they can’t be guessed or phished.
- Downside: if you lose your phone/device and don’t have a backup method, recovery can be harder.
- Best practice is passkeys + a backup sign-in option (email or recovery codes).
Authenticator apps
An authenticator app (like Google Authenticator, Authy, etc.) generates a time-based code on your device.
- Safer than SMS
- Does not rely on your phone number
- Codes can’t be intercepted over the network
They are considered more secure than SMS.
SMS 2FA
You’re right:
- SMS can be intercepted (SIM swap attacks)
- It’s better than nothing, but not the most secure option
If possible, switch from SMS → authenticator app or passkeys.
Phone number
- A phone number is not required for a WordPress.com account
- If one is linked, you can remove it from:
- Account Settings → Security → Two-Step Authentication / Account details
- Once removed, use an authenticator app or passkeys instead
Backups
On WordPress.com:
- Your site is automatically backed up by the platform
- You do not need to manage server backups yourself
- You can manually export your content (Tools → Export) and save it to a flash drive if you want an extra copy
That export is a content backup, not a full server snapshot — but it’s enough for most users.
HTTPS vs HTTP
- WordPress.com automatically provides HTTPS
- If you see http://, it’s usually just a redirect or cached link
- Your site is still served securely over HTTPS
To check:
- Open your site in a browser and click the lock icon
- Or manually type https://imanissm.wordpress.com
If it loads with a lock icon, you’re fine.
-
I’m just gonna ask all my questions here so I don’t have to go back to separate threads
I guess I’m just paranoid about using passkeys cuz of all the negative stuff I hear about it not being secure as they claim. I even watched YouTube videos on passkeys to get more information on if they’re secure to use and a lot of people have different opinions about it which makes it harder for me. I honestly think I need to research more on passkeys and authenticator apps before deciding what to do. But I definitely do wanna remove my phone number. But I’m afraid of using sms now due to the whole intercepted thing. Are you allowed to use a temporary burner phone number for verification if you don’t wanna use your real number?
the exporting site if I do back up to flash drive or hard drive you said it’s a content backup not a full server snapshot. What u mean by that. So will it still back up everything cuz i don’t wanna lose anything on my site
for the https vs http I meant that sometimes on here in forum it will show http next to my blog instead of https so that was the only reason why I asked. Will you be able to test it on your end or only I have to do it
for posts access you said that I don’t have to do each post manually. You said I can change the default visibility for future posts in my site settings, and I can also use bulk actions to update multiple existing posts at once. Can you elaborate more on the bulk actions part. How does that work. Can you explain that
Is there a way to use WordPress online in a browser without logging in or using the app. Or do you have to be logged in to use WordPress. Cuz sometimes I just wanna write quick posts without having to always login whether the web version or the app
Last question how do you delete categories
-
Don’t make it so difficult. The easiest way to protect your wordpress.com account and site is:
- using a strong password
- activating 2FA through an authenticator app. Don’t forget to save or print out the backup codes you get when you activate 2FA.
All sites on the wordpress.com platform have https.
You have to be logged in to be able to edit your site.