Security And Protecting Site
-
Why did my last topic get closed when my last reply never got a response so continuing here
I heard that passkeys are more secure than passwords but I also heard there are downsides to using passkeys like if your phone gets lost or stolen
Whats an authenticater app I never used it? I also heard those aren’t really secure either. I currently use sms for 2fa verification but the only thing I’m worried about is that sms can be intercepted
Is phone number required for account? How can I unlink my phone number from my account
Does WordPress automatically backup your site or is security all on us? Can I backup my site with a flashdrive
I just want my site secured and protected at the end of the day
And why does my site link above say http instead of https. I know https is more secure. When I search my site how can I check if it shows https or http
The blog I need help with is: (visible only to logged in users)
-
It sounds like you’re mainly trying to understand account security vs site security, so I’ll answer each point clearly.
Passkeys vs passwords- Passkeys are more secure than passwords because they can’t be guessed or phished.
- Downside: if you lose your phone/device and don’t have a backup method, recovery can be harder.
- Best practice is passkeys + a backup sign-in option (email or recovery codes).
Authenticator apps
An authenticator app (like Google Authenticator, Authy, etc.) generates a time-based code on your device.
- Safer than SMS
- Does not rely on your phone number
- Codes can’t be intercepted over the network
They are considered more secure than SMS.
SMS 2FA
You’re right:
- SMS can be intercepted (SIM swap attacks)
- It’s better than nothing, but not the most secure option
If possible, switch from SMS → authenticator app or passkeys.
Phone number- A phone number is not required for a WordPress.com account
- If one is linked, you can remove it from:
- Account Settings → Security → Two-Step Authentication / Account details
- Once removed, use an authenticator app or passkeys instead
Backups
On WordPress.com:
- Your site is automatically backed up by the platform
- You do not need to manage server backups yourself
- You can manually export your content (Tools → Export) and save it to a flash drive if you want an extra copy
That export is a content backup, not a full server snapshot — but it’s enough for most users.
HTTPS vs HTTP
- WordPress.com automatically provides HTTPS
- If you see
http://, it’s usually just a redirect or cached link - Your site is still served securely over HTTPS
To check:
- Open your site in a browser and click the lock icon
- Or manually type
https://imanissm.wordpress.com
If it loads with a lock icon, you’re fine.
-
I’m just gonna ask all my questions here so I don’t have to go back to separate threads
I guess I’m just paranoid about using passkeys cuz of all the negative stuff I hear about it not being secure as they claim. I even watched YouTube videos on passkeys to get more information on if there secure to use and alot of people have different opinions about it which makes it harder for me. I honestly think I need to research more on passkeys and authenticator apps before deciding what to do. But I definitely do wanna remove my phone number. But I’m afraid of using sms now due to the whole intercepted thing. Are you allowed to use a temporary burner phone number for verification if you don’t wanna use your real number
the exporting site if I do back up to flash drive or hardrive you said its a content back up not a full server snapchat. What u mean by that. So will it still back up everything cuz i don’t wanna lose anything on my site
for the https vs http I meant that sometimes on here in forum it will show http next to my blog instead of https so that was the only reason why I asked. Will you be able to test it on your end or only I have to do it
for posts access you said that I don’t have to do each posts manually. You said I can change the default visibility for future posts in my site settings, and I can also use bulk actions to update multiple existing posts at once. Can you elaborate more on the bulk actions part. How does that work. Can you explain that
Is there a way to use WordPress online in a browser without logging in or using the app. Or do you have to be logged in to use WordPress. Cuz sometimes I just wanna write quick posts without having to always login whether the web version or the app
Last question how do you delete categories
-
Don’t make it so difficult. The easiest way to protect your wordpress.com account and site is:
- using a strong password
- activating 2FA through an authenticator app. Don’t forget to save or print out the backup codes you get when you activbate 2FA.
All sites on the wordpress.com platform have https.
You have to be logged in to be able to edit your site.
-
@filipmilicdevFor post access I think you had mentioned that I don’t have to do each posts manually. You said I change the default visibility for future posts in my site settings, and I can also use bulk actions to update multiple existing posts at once. Can you elaborate more on the bulk actions part. How does that work. I don’t see the bulk actions option in post settings
-
@filipmilicdev I don’t see that topic in this thread but I remember you saying it and I had orginally mentioned it in my orginal post but I didn’t get an answer for that one
-
also I wanna upload a video to my post from my phone on the WordPress web but its saying I have to upgrade to upload video why that’s crazy. So I was trying to login to the app to see if I can do it but its saying authorize wordpress.com account to login but taking forever to authorize
Why am I not able to upload videos unless I upgrade thats crazy
-
-
Hi @koolbeanz247,
Sorry, this took a bit longer to get back to you. I saw your follow-ups and wanted to make sure I covered everything clearly for you.
From what you’ve shared, it sounds like you’re trying to upload videos to your site, manage multiple posts more easily, and make sure your account is secure and properly backed up. I’ll go through each of these one by one:
1. Video upload (why it’s asking you to upgrade)
When you try to upload a video and see the upgrade prompt, that’s expected on a free site.Video uploads are only available on paid plans. Free WordPress.com sites don’t support direct video uploads to posts. If you’d like to upload videos directly, you’ll need to upgrade to a paid plan.
You can view the available plans here:
https://wordpress.com/pricingIf you want, I can help you figure out which plan makes the most sense based on what you’re trying to do. Are you mainly blogging, building a business site, or planning to sell anything?
2. Bulk editing posts (visibility, status, etc.)
You mentioned you don’t see the bulk actions option. That’s usually found in the Posts (or Pages) list view.This guide walks you through exactly where to find it and how to use it:
https://wordpress.com/support/edit-pages-screen/#make-page-or-post-edits-in-bulkIf you still don’t see it after checking, let me know what your screen looks like, and I’ll help you pinpoint it.
3. Security & backups
You’re asking the right questions here. It’s good to think about this upfront.The strongest setup is:
- A strong, unique password
- Two-step authentication (2FA)
If you’re not comfortable using SMS for 2FA, you can absolutely use an authenticator app instead. Tt’s actually more reliable.
You can set that up following the steps here:
https://wordpress.com/support/security/two-step-authentication/#use-an-appOn our side, we also take proactive steps to keep accounts and sites secure. You can read more about that here:
https://wordpress.com/support/security/Let me know if you have any questions.
-
@michaelmedahunsi no worries
Not being able to upload videos on free accounts is crazy no disrespect. In the past I was always able to upload videos to my posts from my phone on free account. I had a post i wanted to write but it was alot of information to write so I made a video about it and I wanted to upload the video but I didn’t know i wouldn’t be able to upload it
I’m not interested in paid plans only free plan
ok thank you. I will check out the link
also for themes. I wanna customize my site but I find the new editor very confusing. The old editors was so much easier. Is there a way to go back to the old editor or is sticking with the new themes and editor better. I just don’t wanna use themes/editors thats outdated
Also I was told that wordpress.com automatically backups your site. But I do wanna backup my site for myself. Would i be able to do that with a harddrive flash drive etc
-
You can embed videos from several platforms as youtube – https://wordpress.com/support/wordpress-editor/blocks/youtube-block/
-
Hi there,
Video uploads aren’t available on the free plan, but you can upload your video to YouTube or Vimeo and embed it directly into your post by pasting the URL on its own line in the editor.
Your readers will see the video play right there in the post. Here’s how you can do that: https://wordpress.com/support/wordpress-editor/blocks/video-block/#insert-a-video-urlFor the editor, the block editor is the way to go, as it helps you edit all parts of your website. It has a learning curve, but it’s the current standard and actively supported. This guide might help: https://wordpress.com/support/wordpress-editor/
You can also use a classic theme like Twenty Sixteen, if you’d like to use the older customizations options: https://wordpress.com/theme/twentysixteen/imanissm.wordpress.com?tab_filter=allFor backups, WordPress.com keeps automatic backups only for websites that are on the Business plan or higher. However, if you want your own copy on a hard drive or flash drive, you can go to Tools > Export to download a file with your posts, pages, and content. Here’s the guide: https://wordpress.com/support/export/
That export covers your text content and media links. If you want copies of the actual image files, you’d download those separately from your Media Library.
Please let me know if you have any other questions!
-
ok thank you for the links
for site backup I was told by another staff member that wordpress.com automatically backups up your site is this true or not. but I still want to backup for myself just in case can i do that on a flashdrive, hardrive etc
-
-
Hi @koolbeanz247!
As my colleague mentioned, backups are only available for sites on the Business plan and above, as you can read here:
https://wordpress.com/support/restore/#restore-from-a-backupRegarding your second question, if you choose to export your site content as a backup, you can opt to export all of your content at once, including your media files.
You also have the option to export specific content, such as only media files or certain sections of your site. You can learn more about how to export your content here:
https://wordpress.com/support/export/Please feel free to let me know if you have any questions or need help with this. I’m happy to assist!
-
Ok
But why is backup only available for business plans and not free wordpress.com plans I’m just curious to know. I orginally always thought that wordpress.com backups sites automatically regardless whether free or not
Also I’m trying to login to the jetpack app when I login it says Authorize your WordPress.com account to sign into WordPress for Android. When i click approve but it takes forever to authorize its not letting me into the app
WordPress.com Forums 