In your website’s Security Settings, you can manage certain aspects of your site’s security. This guide will explain each setting.
This feature is available on sites with the WordPress.com Business and Commerce plans, and the legacy Pro plan. If you have a Business plan, make sure to activate it. For sites on the Free, Personal, and Premium plans, upgrade your plan to access this feature.
In this guide
To visit the Security Settings:
- Visit your site’s dashboard.
- Navigate to Jetpack → Settings.
- Select the “Security” tab.
Each setting found here is explained below.
Your site is automatically and regularly backed up with Jetpack Backup and Scan. You can review and restore from a backup at any time. Learn more about backups and restoring your website.
While rare, a site may go offline if an unexpected error occurs, such as an unsuccessful plugin or theme update. In these cases, you can have Jetpack monitor your site and notify you if it becomes unresponsive. This is a great way to reduce downtime on your site.
Your site is automatically protected from spam with Akismet. Akismet filters comment, form, and text spam on your site.
Jetpack monitors login attempts on your site to identify and block malicious actors who may try to gain access with a technique called brute force login attacks. When an attacker fails to log into your site too many consecutive times, Jetpack temporarily blocks any further login attempts from their IP and may present a math problem to solve to get back in.
WordPress.com uses features from our own admin alongside the traditional WP Admin dashboard. We enable “Allow users to log in to this site using WordPress.com accounts” by default to seamlessly bridge the WP Admin and WordPress.com settings. This setting is referred to as Secure Sign On.
We recommend keeping this setting turned on, as disabling this option will result in some pages in the dashboard prompting you to log into WP Admin manually. For more details, check out our Secure Sign On page.
