Account Security
WordPress.com helps protect your site and data with strong encryption, firewalls, ongoing monitoring, and regular security testing. As a customer, you also have access to additional security features like two-step authentication and security key support. Together, these tools help keep your account and site safe.
Use the guides below to learn more about securing your account and making the most of the available tools.
Keep your site safe and secure
The security of your website and personal data is a top priority. This guide explains how WordPress.com helps protect your site and what additional steps you can take to keep it secure.
Security settings
If you have a WordPress.com Business or Commerce plan, you can manage several key security settings for your site. This guide walks you through each option.
Enable two-step authentication
Your WordPress.com site is your online home, and keeping it secure is important. If you’ve already set a strong, unique password, the next step is to enable two-step authentication. This guide shows you how.
Security key authentication
WordPress.com supports login verification with virtual and physical security keys using the WebAuthn (Web Authentication API) standard. This guide will show you how to add and remove security keys.
Protect your website from malware
Malware is software designed to harm a computer, server, or website. This guide explains how site owners can protect their sites and reduce the risk of malware.
Last updated: June 11, 2025