- Never transmit credentials via email. Use an encrypted app such as Signal (mobile and desktop versions available).
- Never store your credentials in the clear, or simply let your browser remember them. Use a password manager like RoboForm that encrypts them (mobile and desktop versions available, extensions available for all browsers).
- Always use your favorite browser(s) in incognito or secure mode.
- Use 2FA (two-factor authentication) whenever possible: GitHub, banking, even your WordPress sites (via iThemes Security!)
SERVERS
- Make sure that all sites are served via HTTPS; if you’re in a Plesk environment, it’s relatively easy to generate security certificates.
- Turn off or otherwise disable any dev sites when you’re not actively using them. You can find detailed directions about how to do this using .htaccess here.
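
One way to take a dev site offline with .htaccess, shown as an added example (not the linked directions and not from the original checklist). It assumes Apache with `AllowOverride` permitting `AuthConfig` (2.4) or `Limit` (2.2) for the directory; `203.0.113.10` is a placeholder from the documentation address range standing in for your own IP.

```apache
# .htaccess in the dev site's document root (added example).
# Default state: the site answers 403 Forbidden to everyone.

<IfModule mod_authz_core.c>
    # Apache 2.4+: deny every request while the site is not in use.
    Require all denied

    # While actively working, comment out the line above and allow
    # only your own address (placeholder value, replace it):
    # Require ip 203.0.113.10
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2 fallback: same policy with the older access directives.
    Order deny,allow
    Deny from all

    # While actively working, uncomment to allow only your own address
    # (placeholder value, replace it):
    # Allow from 203.0.113.10
</IfModule>
```

If the file has no effect, the server's `AllowOverride` setting is most likely ignoring .htaccess for that directory; confirm the block by requesting the site from a network other than the allowed one.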