If you’re not familiar with the WordPress security issue, read our WordPress security article first.
This article explains how to do it safely.
1.
Enable the ‘secure upload’ feature in WordPress.
When you set up your WordPress website to be used for storing sensitive data, you need to enable the ‘Secure Upload’ option.
You can do this from within the WordPress admin menu, or by clicking the ‘Admin’ button under ‘Security’.2.
Click ‘Add Custom Fields’.
Click the ‘Add New’ button and select the ‘Security’ field.
Select ‘Enable Secure Upload’.3.
Click the Add button and enter your username and password for the new security field.
You’ll be prompted to confirm.4.
Click OK and you’ll be directed to the ‘Settings’ page.
Select the ‘Content Security Policy’ option and click ‘Save Settings’.5.
Go to ‘Security Settings’ and check the ‘Allow access from the Internet’ checkbox.
Click ‘Save’.
Once you’re done, you’ll need to update your security settings.
You should now see a new field called ‘User ID’ appear in your security policy.
You need to ensure it’s set correctly before you can upload your data.
Here’s how to enable this option.1.
Enable ‘Secure upload’ option in WordPress (Settings -> Security Settings -> User ID)2.
Enter your username in the ‘Username’ field3.
Select your security profile (if any)4.
Check ‘Allow the uploading of files from the internet’.
If you have multiple security profiles set, then check the boxes next to each one.5.
Click Save and click the ‘Save Changes’ button.
Once you’ve finished, you should now have a new ‘UserID’ field appearing in your WordPress security policy in your settings.
To make sure your user is safe, make sure the site you’re uploading is one you control and use that user’s password.
This post is from our WordPress Security team.
Please share what you think in the comments section below.
Read next: This article takes an overview of what the new WordPress security features will mean for businesses in the UK