Security – Documentation – WordPress.org (https://wordpress.org/documentation), feed updated Tue, 23 May 2023 14:30:02 +0000

Password Best Practices
https://wordpress.org/documentation/article/password-best-practices/
Published Sat, 27 Oct 2018 09:57:36 +0000

Securing your WordPress site starts with a strong password. A strong password is complex and elaborate. It isn’t easy to guess, since it doesn’t contain recognizable words, names, dates or numbers. You shouldn’t pick a password containing fewer than 20 characters. It can be hard, though, to remember a random string of letters, numbers and special characters. But in general, the more characters and complexity, the better.

Here are some suggested guidelines when creating a strong password:

  • At least 20 characters (preferably more)
  • Use lowercase and uppercase
  • Containing numbers
  • Containing special characters such as !"#$%&'()*+,-./:;<=>?@[]^_`{}|~

More about special characters

  • a backslash \ is not allowed
  • many typographical characters such as elegant quotes, ligatures, accented letters and mathematical symbols are allowed by WordPress in passwords, but they are not recommended. Some are hard to recognize, and many are harder or sometimes impossible to type on a given device. A character cannot be substituted by a simpler version; it has to be exactly that character
  • a space is allowed, but not recommended at the start of a password

Example

A good password that upholds all of the guidelines above could be:

As32!KoP43??@ZkI??L0d

Things you should absolutely avoid

Names or words that can be easily linked to you:

  • The name of your partner or kids
  • The name of your pet
  • The name of your company
  • The name of your favorite sports team or car brand
  • The year in which you were born
  • Your birthday

All these items are personal (mostly public) information and thus possible risks for social engineering. So avoid these at all costs!

Example

  • If your name is John Rogers and you were born in 1976, JohnRogers1976 would be a really bad idea for a password.

Generic password elements:

  • Number sequences like “123” or “54321”
  • Using generic words like “admin”, “administrator”, “pass”, “password”, “blue”, “house”…

These elements are often the first terms tried by malicious people or software attempting to brute force your password, so they should be avoided!

Example

Obviously, the password examples below are horrible passwords and NOT SECURE:

  • MattMullenweg2018
  • admin123
  • Password1!

You should also avoid using the same password on multiple sites or accounts.
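As an added example (not code from this documentation or from WordPress core), the PHP below turns the guidelines and the lists of things to avoid into a single check. The $personal list, the set of generic words and the use of the user_profile_update_errors hook are this example's own assumptions.

```php
<?php
// Added example, not part of the WordPress documentation: checks a candidate password
// against the guidelines and "things to avoid" lists above. Returns the problems found;
// an empty array means the password passes. $personal holds names, birth year, etc.
function password_policy_findings( string $password, array $personal = [] ): array {
    $findings = [];
    $special  = '!"#$%&\'()*+,-./:;<=>?@[]^_`{}|~'; // the set listed in the guidelines
    if ( strlen( $password ) < 20 )                 { $findings[] = 'fewer than 20 characters'; }
    if ( ! preg_match( '/[a-z]/', $password ) )      { $findings[] = 'no lowercase letter'; }
    if ( ! preg_match( '/[A-Z]/', $password ) )      { $findings[] = 'no uppercase letter'; }
    if ( ! preg_match( '/[0-9]/', $password ) )      { $findings[] = 'no digit'; }
    if ( strpbrk( $password, $special ) === false )  { $findings[] = 'no special character'; }
    if ( strpos( $password, '\\' ) !== false )        { $findings[] = 'contains a backslash'; }
    if ( $password !== '' && $password[0] === ' ' )  { $findings[] = 'starts with a space'; }
    $lower = strtolower( $password );
    foreach ( $personal as $item ) { // partner, pet, company, team, birth year, birthday ...
        if ( strlen( $item ) >= 3 && strpos( $lower, strtolower( $item ) ) !== false ) {
            $findings[] = "contains personal information '$item'";
        }
    }
    foreach ( [ 'admin', 'pass', 'blue', 'house' ] as $word ) { // also catches administrator/password
        if ( strpos( $lower, $word ) !== false ) { $findings[] = "contains generic word '$word'"; }
    }
    // Three or more consecutive digits in ascending or descending order ("123", "54321").
    if ( preg_match( '/012|123|234|345|456|567|678|789|987|876|765|654|543|432|321|210/', $password ) ) {
        $findings[] = 'contains a digit sequence';
    }
    return $findings;
}

// Inside WordPress, reject weak passwords when a profile is saved (hypothetical plugin code);
// outside WordPress the function can still be called directly.
if ( function_exists( 'add_action' ) ) {
    add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
        if ( empty( $user->user_pass ) ) { return; } // password is not being changed
        $personal = array_filter( [ $user->user_login ?? '', $user->first_name ?? '', $user->last_name ?? '' ] );
        foreach ( password_policy_findings( $user->user_pass, $personal ) as $finding ) {
            $errors->add( 'weak_password', 'Password rejected: ' . $finding );
        }
    }, 10, 3 );
} else {
    // Constructed calls: the compliant example above, then two of the page's bad examples.
    var_dump( password_policy_findings( 'As32!KoP43??@ZkI??L0d' ) );                      // array(0) {}
    var_dump( password_policy_findings( 'JohnRogers1976', [ 'John', 'Rogers', '1976' ] ) );
    var_dump( password_policy_findings( 'Password1!' ) );
}
```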

Automatically generated passwords in WordPress

When you make a new account for your site or reset your password, a password will be suggested for you (or you can use the “Generate password” button). These strong passwords are 24 characters long and contain numbers, lowercase and uppercase letters, and special characters.

Keeping track of your passwords

Since complex passwords are a real necessity these days, it can be a real burden to remember every single password. Fortunately, password managers can help users keep track of their different passwords without resorting to using the same password on multiple sites. Password managers act as a vault for your passwords, secured by one (complex) master password. Many also have functionality to automatically (or on your command) enter your stored password for you, via browser extensions or desktop applications. Using a password manager means you only need to remember your one master password to access all of your other passwords.

A list of password managers and their features is available on https://en.wikipedia.org/wiki/List_of_password_managers. Most browsers can store and synchronize your accounts and passwords.

Other security recommendations

Two factor authentication

Another great way to keep your WordPress access more secure is to set up two factor authentication (2FA). Currently, this requires installation of a third-party plugin. To set up 2FA, look for plugins in the plugin directory with tags like “2FA”, “two factor authentication”, or “two step”.

Usernames

A common method of brute force hacking is to use a “dictionary” of common username and password combinations. For this reason, it is often recommended to avoid common usernames such as “admin”.

Changelog

  • Created 2018-10-27
  • Updated 2023-05-23 with additional recommendations on automatically generated passwords, 2FA and Usernames, and minor grammatical/clarity modifications.
Why should I use HTTPS
https://wordpress.org/documentation/article/why-should-i-use-https/
Published Fri, 22 Mar 2019 23:31:18 +0000

HTTPS is an encrypted communication protocol — essentially, a more secure way of browsing the web, since you get a private channel directly between your browser and the web server. That’s why most major sites use it.

If a site’s using HTTPS, you’ll see a little padlock icon in the address field, just as in the screenshot below:

[Screenshot: the "secure site" padlock icon in the browser address field]

Here are the most common reasons you might want to use HTTPS on your own site:

Faster. One might think that HTTPS would make your site slower, since it takes some time to encrypt and decrypt all data. But a lot of efficiency improvements to HTTP are only available when you use HTTPS. As a result, HTTPS will actually make your site faster for almost all visitors.

Trust. Users find it easier to trust a secure site. While they don’t necessarily know their traffic is encrypted, they do know the little padlock icon means a site cares about their privacy. Tech people will know that any servers between your computer and the web server won’t be able to see the information flowing back and forth, and won’t be able to change it.

Payment security. If you sell anything on your site, users want to know their payment information is secure. HTTPS, and the little padlock, assure that their information travels safely to the web server.

Search Engine Optimization. Many search engines will add a penalty to web sites that don’t use HTTPS, thus making it harder to reach the best spots in search results.

Your good name. Have you noticed that some websites have the text “not secure” next to their address?

That happens when your web browser wants you to know a site is NOT using HTTPS. Browsers want you to think (rightly!) that site owners who can’t be bothered to use HTTPS (it’s free in many cases) aren’t worth your time and certainly not your money.

In turn, you don’t want browsers suggesting you might be that kind of shady site owner yourself.

WordPress Privacy
https://wordpress.org/documentation/article/wordpress-privacy/
Published Sat, 01 Dec 2018 12:38:34 +0000

User Privacy and your WordPress site

Depending on your national or international privacy regulations (such as the European Union’s General Data Protection Regulation which may be applicable to you) you may be required to display a privacy policy disclosing your collection and sharing of personal data. Personal data includes things like your users’ name, email, birthdate, phone number, IP address and other data that can be used to identify them.

You may also be required to provide your users with the means to request a copy of the information you hold about them, or request its deletion.

WordPress now includes several simple tools for site administrators to take these steps. These tools make it easier for you to inform your users through a transparent privacy notice about data that is collected on your site. It usually includes at least:

  • What data you collect about them,
  • Why and how you collect data,
  • And what you do with that data (including with whom you might share that data).

These new tools also make it easier for users to request a copy of their data or its removal. The use of the new data privacy tools (whether required by law or not) will make it easier for you to protect your users’ privacy.

Please note: Every website is different. No two privacy notices will be alike, just as no two site administrators will have identical compliance journeys. Additionally, new regulations, as well as adaptations of existing ones, may alter your compliance journey. We strongly encourage you to consider that safeguarding privacy is not a one-time responsibility. Taking steps to secure and protect your users’ data is a continuous process both online and offline. These tools can help you with parts of that process, but they are not a compliance process in and of themselves. We strongly encourage you to check the regulations and expectations applicable to you and adjust your usage of these tools as needed.

Privacy Settings

This tool makes it easier to select and build a Privacy Policy page. It will create a dedicated page (or adapt an existing one) and provide prompts and headers to kickstart the process.

Site administrators can create this page by going to Settings > Privacy, where the Privacy Policy page setting is managed.

The prompts and headers provided in the tool by default are based on the expectations of Europe’s GDPR as a leading privacy standard. While this gives you a start to build on, your privacy policy is not constrained by this starter text. It is your responsibility to write a comprehensive privacy policy, to ensure that it reflects all national and international legal requirements on privacy, and to keep your policy current and accurate.

Privacy Policy Editing Helper

The Editing Helper feature is part of the new Privacy Settings tool. Drawing information from both WordPress core and a site’s themes and plugins, the Editing Helper pulls together a collected set of default texts which detail a site’s data collection and sharing, generating a starter text which you can use to complete your privacy policy.

While you do not necessarily need to use this tool to build a Privacy Policy, we believe it is helpful because it provides information on how your WordPress site likely collects and processes data in core, theme and plugin code. It is important to consider these back-end uses of data: While not all sites will use all functions (for example, an administrator may choose not to enable comments on posts) nearly every site uses features such as analytics cookies, social media sharing buttons, or contact form plugins. Please add as many additional disclosures as is necessary to be fully transparent about how your site uses personal data.

This tool ONLY collects policy help texts from WordPress and participating plugins. Many sites will also embed third-party tools (such as email subscription services) which collect data in ways the Editing Helper tool cannot detect, so the default template may not completely describe how your site collects data about its users. Take the time to understand how your website actually collects your users’ data, and be transparent with your users about what actually happens with data on your website.

Further, theme and plugin developers are invited to learn how the Privacy Policy Editing Helper works, and to feed in the information about how your theme or plugin collects data into the privacy policy tool.

Export Personal Data tool

WordPress now includes a feature to archive user data for export. This is different from the Tools > Export tool, which creates an archive file of posts, pages, or media; the new tool exports personal data captured elsewhere. You can use this tool by clicking on Tools > Export Personal Data in your WordPress dashboard.

This tool manages export requests submitted by your users. Following manual approval, it allows you to generate a (.zip format) file containing the personal data which exists about a user within your WordPress site.

We strongly encourage you to use the email validation feature built into the export tool. This confirmation process will help safeguard against abuse, such as malicious users pretending to be someone they are not. As with the Erase tool, the Export Personal Data tool uses email validation to send a user’s request to an administrator. The administrator must manually approve the request to send the data in question to the user.

As this tool ONLY gathers data from WordPress and participating plugins, you may need to go beyond it to comply with export requests. While it may give you a good start in providing your users with the information they have requested, every site administrator should understand what data they collect and process outside their WordPress site, as a full export request may entail more responsibility than simply using this tool alone.

While this tool’s scope covers much of the scope of WordPress user data, it likely does not include information that may be collected by your site using a third-party service, such as an analytics provider, newsletter subscription service, ad affiliate partner or embedded media.

Erase Personal Data tool

Similar to the Export Personal Data tool, WordPress now includes a tool to delete a user’s personal data upon verified request. You will find this feature under Tools > Erase Personal Data in your WordPress dashboard.

We strongly encourage you to use the email validation feature built into the erasure tool. This confirmation process will help safeguard against abuse, such as malicious users pretending to be someone they are not. As with the Export tool, the Erase Personal Data tool uses email validation to send a user’s request to an administrator. The administrator must manually approve the request to remove the data in question.

Deleted data is permanently removed from the database. Erasure requests cannot be reversed after they have been confirmed. Note that it does not remove the data from backups or archive files: When using the tool alongside automated backups or archives, we advise you to exercise caution when restoring user data from backups. When restoring an archived copy of your site, your requests for erasure should be respected.

As this tool ONLY gathers data from WordPress and participating plugins, you may need to go beyond it to comply with erasure requests. While it may give you a good start in complying with your users’ requests to remove their information, every site administrator should understand what data they collect and process outside their WordPress site, as a full erasure request may entail more responsibility than simply using this tool alone.

In particular (as with the Export tool) it likely does not include information that may be collected by your site using a third-party service, such as an analytics provider, newsletter subscription service, ad affiliate partner or embedded media.

When erasing user data, this tool does not automatically delete registered users and their profile data. Administrators should perform that step themselves after successfully erasing personal data for a registered user. User deletion is available for each user in the Users menu in the Dashboard.

It is also important to understand that personal data deletion requests are not absolute. A site administrator is not obliged to delete data that they may be required to keep for other legal or statutory reasons. For example, you may be required to keep sales records for a certain number of years for tax purposes. You may also wish to keep a user’s records for security purposes, for example, if there is an ongoing investigation into abuse. These situations should be handled internally.
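The invitation to plugin developers above, and the note that the Export and Erase tools only gather data from participating plugins, come down to three WordPress hooks. The PHP below is an added example (not WordPress core and not any real plugin): a hypothetical newsletter plugin with its own table, whose name and columns are assumptions, plugging into the Editing Helper, the Export Personal Data tool and the Erase Personal Data tool.

```php
<?php
// Added example, not WordPress core or any real plugin: a hypothetical plugin that keeps
// newsletter sign-ups in its own table ({$wpdb->prefix}example_newsletter, with columns
// id, email, signed_up_at; all assumed) participates in the three privacy tools above.

// Feed suggested text into the Privacy Policy Editing Helper (shown under Settings > Privacy).
add_action( 'admin_init', function () {
    wp_add_privacy_policy_content( 'Example Newsletter',
        '<p>When you subscribe, we store your email address and sign-up time until you unsubscribe.</p>' );
} );

// Tools > Export Personal Data: after the request is email-verified and approved, WordPress
// calls the callback with the address and expects a page of export items plus a "done" flag.
add_filter( 'wp_privacy_personal_data_exporters', function ( array $exporters ) {
    $exporters['example-newsletter'] = [ 'exporter_friendly_name' => 'Example Newsletter',
                                         'callback' => 'example_newsletter_exporter' ];
    return $exporters;
} );
function example_newsletter_exporter( string $email, int $page = 1 ): array {
    global $wpdb;
    $rows  = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, signed_up_at FROM {$wpdb->prefix}example_newsletter WHERE email = %s", $email ) );
    $items = [];
    foreach ( $rows as $row ) {
        $items[] = [
            'group_id'    => 'example-newsletter',
            'group_label' => 'Newsletter subscriptions',
            'item_id'     => 'newsletter-' . $row->id,
            'data'        => [ [ 'name' => 'Email',     'value' => $email ],
                               [ 'name' => 'Signed up', 'value' => $row->signed_up_at ] ],
        ];
    }
    return [ 'data' => $items, 'done' => true ]; // everything fits in one page
}

// Tools > Erase Personal Data: same verified-request flow. Data that must be kept (tax
// records, an abuse investigation) is reported as retained instead of silently kept.
add_filter( 'wp_privacy_personal_data_erasers', function ( array $erasers ) {
    $erasers['example-newsletter'] = [ 'eraser_friendly_name' => 'Example Newsletter',
                                       'callback' => 'example_newsletter_eraser' ];
    return $erasers;
} );
function example_newsletter_eraser( string $email, int $page = 1 ): array {
    global $wpdb;
    $removed = $wpdb->delete( $wpdb->prefix . 'example_newsletter', [ 'email' => $email ] );
    return [ 'items_removed' => (bool) $removed, 'items_retained' => false,
             'messages' => [], 'done' => true ];
}
```

Neither callback deletes or exports anything until the administrator has approved the verified request, which is the flow the sections above describe; backups and archive files remain outside the eraser's reach.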

Consent of data collected

Under some privacy laws, you may also be required to have your users’ active, clear, and unambiguous consent before collecting their personal data. Further, you may also be required to have your users’ active, clear, and unambiguous consent before certain kinds of processing of personal data, if that processing isn’t otherwise necessary for your site.

While WordPress.org does not yet have consent tools built, there are various plugins available to help in collecting consent to be compliant with the May 2018 GDPR compliance deadline. In addition, WordPress Core intends to add additional tools for WordPress theme and plugin developers for consent management in WordPress Sites.

Some plugins, especially in the case of forms and email subscription services, suggest that you add a “required” consent field that says something like “I consent to my submitted data being collected and stored” if this is a requirement for your website.
