
Security in General

  • Never transmit credentials via email. Use an encrypted app such as Signal (mobile and desktop versions available).
  • Never store your credentials in the clear, or simply let your browser remember them. Use a password manager like RoboForm that encrypts them (mobile and desktop versions available, extensions available for all browsers).
  • Always use your favorite browser(s) in incognito or secure mode.
  • Use 2FA (two-factor authentication) whenever possible: GitHub, banking, even your WordPress sites (via iThemes Security!)

SERVERS

  • Make sure that all sites are served via HTTPS; if you’re in a Plesk environment, it’s relatively easy to generate security certificates. [Directions?]
  • Turn off or otherwise disable any dev sites when you’re not actively using them. You can find detailed directions about how to do this using .htaccess here
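One way to take a dev site offline with .htaccess, as an added example (not the directions linked above). It assumes Apache with .htaccess overrides enabled for the dev site's directory; the IP address is a constructed placeholder from a documentation range.

```apache
# .htaccess in the dev site's document root.
# Requires "AllowOverride AuthConfig" (Apache 2.4) or "AllowOverride Limit"
# (Apache 2.2) for this directory; without it the rules are ignored or
# cause a 500 error, so test with a request from an outside network.

# --- Apache 2.4 and later ---
<IfModule mod_authz_core.c>
    # Site not in use: refuse every request with 403.
    Require all denied

    # Site in active use: comment out the line above and allow only
    # your own address instead (203.0.113.10 is a placeholder).
    # Require ip 203.0.113.10
</IfModule>

# --- Apache 2.2 fallback (no mod_authz_core) ---
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all

    # Site in active use: uncomment to allow only your own address.
    # Allow from 203.0.113.10
</IfModule>
```

After saving the file, request the dev site from a network that is not allowlisted and confirm it returns 403 Forbidden.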
