Since the information you add to Client Power Tools will be stored in your WordPress database, the security of Client Power Tools depends mainly on the security of your website. So before you use Client Power Tools with actual clients, let’s give your website a checkup.
Basic security for WordPress is similar to basic security for anything else: use good passwords and keep WordPress up to date. Plus, since it’s a website, you need to use SSL encryption (HTTPS) so visitors can connect securely.
Passwords are fundamental to security. Anyone with admin access to your website or server should be using unique, unguessable passwords. A password manager like 1Password or Dashlane makes this easy.
It is a good idea to talk to your clients about passwords and password managers, too. Client Power Tools uses passwordless login by default, but your clients can choose to use a password instead, and in the end it’s up to the individual user to use good passwords.
Keeping WordPress Up to Date
Most security issues are fixed in routine updates to WordPress and its themes and plugins. Since version 3.7, WordPress automatically installs security updates by default, and since 5.5 you can set plugins and themes to update automatically. You have to do this manually, in the Plugins menu in WordPress.
Make sure you are using the latest version of WordPress, plugins, and themes by setting them to update automatically.
Use SSL Encryption (HTTPS)
SSL certificates are essential to website security. When your website is delivered over HTTPS (look for a padlock next to the URL in your browser’s address bar), SSL encrypts the connection between your server and their browser.
Client Power Tools checks for SSL and warns you if your website is not using it.
Many web hosts provide SSL certificates for free, or will at least help you get and install a certificate on your website. So if you aren’t sure where to start with getting an SSL certificate for your website, start by contacting your web developer or website hosting provider.
(Google’s ranking algorithm also prefers websites with SSL certificates, for what it’s worth.)
WordPress has a really useful Site Health tool you can find on your WordPress dashboard and under Tools / Site Health in the menu. Following those guidelines is a really good idea.
A WordPress security plugin can also help you secure your website. Here are a few security plugins to consider:
If you use a reputable security plugin and follow its recommendations, you should be good to go.
There is no such thing as perfect security.
Someone who is sufficiently motivated to break into your website (or your office, for that matter) can probably do it. So if you have reason to believe that you or your clients are likely to be targeted by someone who is sufficiently motivated, take additional precautions.