# Security 101 for My WordPress: Passwords, Updates, and Backups
**Summary**
This blog is academic, but I treat it like a real site: **strong passwords**, **updates**, and **backups**—no paid plugins required.
## 1) Passwords & access (simple and strong)
* Long, unique passphrases (14–16+ characters).
* Never reuse passwords across services.
* Use a password manager if possible.
* **2FA** wherever the host/platform supports it.
## 2) Updates (just the essentials)
* Keep WordPress core, theme, and **free** plugins up to date.
* 80/20 rule: **fewer plugins = less risk**.
* Remove what you don’t use.
## 3) Free backups (native tool)
* Use **Tools → Export → All content** → download `Backup-YYYY-MM-DD.xml`.
* Store it in cloud and locally (3-2-1 rule).
* Repeat after publishing important entries.
## 4) Comments & spam
* Turn on moderation.
* Disable comments on **static pages** (Privacy/Attribution) if needed.
## 5) Editorial good practices
* Only **CC0/CC-BY** images with **proper credit**.
* No copyrighted material without permission.
* Link to reliable sources.
*Image: MarkJFernandes — CC0 1.0 (Public Domain) — Source: https://commons.wikimedia.org/wiki/File:Electronic-security_artwork_(lock_%26_circuit-board_patterns).jpg*
Leave a Reply