Security Best Practices

Follow these best practices to keep your sites and account secure on Berican Labs.

1. Account Security

Protect your Berican Labs account:

  • Strong password: Use 16+ characters with mixed case, numbers, and symbols
  • Enable 2FA: Required for admin access
  • Unique password: Don't reuse passwords from other sites
  • Password manager: Use one to generate and store passwords
  • Review sessions: Check active sessions in Account Settings

2. WordPress Security

Secure your WordPress sites:

  • Keep updated: Always run the latest versions of WordPress, themes, and plugins
  • Remove unused: Delete inactive themes and plugins
  • Use strong passwords: For all WordPress user accounts
  • Limit login attempts: Built-in on Berican Labs
  • Security plugin: Consider Wordfence or Sucuri
  • Hide wp-admin: Change the login URL if targeted

3. API Key Security

Keep your API keys safe:

  • Never commit: Don't put API keys in version control
  • Use environment variables: Store keys in env vars, not code
  • Rotate regularly: Generate new keys periodically
  • Limit scope: Use keys with minimum required permissions
  • Monitor usage: Check API logs for unusual activity

4. Environment Variables

Handle secrets properly:

  • Never expose secrets in client-side code
  • Use server-side environment variables
  • Don't log sensitive values
  • Rotate compromised secrets immediately
  • Use different secrets for staging vs production

# Good - server side only
DB_PASSWORD=secret

# Bad - exposed to browser
NEXT_PUBLIC_DB_PASSWORD=secret
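
The checks below are an added example, not Berican Labs code. They audit dotenv-style text for two of the mistakes listed above: a secret carrying the browser-exposed `NEXT_PUBLIC_` prefix, and a secret reused between staging and production. The name pattern used to guess which variables hold secrets, the function names, and the sample values are assumptions made for illustration.

```javascript
// Added example (not Berican Labs code): audit dotenv-style text for two mistakes
// from the list above. The secret-name heuristic and sample values are assumptions.
const SECRET_HINT = /(PASSWORD|PASSWD|SECRET|TOKEN|PRIVATE|CREDENTIAL|API_?KEY)/i;

// Parse KEY=value lines; skip blanks and comments, allow "export ", strip quotes.
function parseEnv(text) {
  const vars = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    vars.set(m[1], m[2].replace(/^(['"])(.*)\1$/, "$2"));
  }
  return vars;
}

// Secret-looking names that carry the browser-exposed NEXT_PUBLIC_ prefix.
function exposedSecrets(text) {
  return [...parseEnv(text).keys()].filter(
    (k) => k.startsWith("NEXT_PUBLIC_") && SECRET_HINT.test(k)
  );
}

// Secret-looking names whose value is identical in staging and production.
function sharedSecrets(stagingText, productionText) {
  const staging = parseEnv(stagingText);
  const production = parseEnv(productionText);
  return [...staging].filter(
    ([k, v]) => v !== "" && SECRET_HINT.test(k) && production.get(k) === v
  ).map(([k]) => k);
}

// Constructed sample files.
const stagingEnv = `
DB_PASSWORD=staging-pw
API_TOKEN="shared-token"
NEXT_PUBLIC_SITE_URL=https://staging.example.test
NEXT_PUBLIC_DB_PASSWORD=staging-pw
`;
const productionEnv = `
DB_PASSWORD=prod-pw
export API_TOKEN=shared-token
NEXT_PUBLIC_SITE_URL=https://www.example.test
`;

console.log("exposed to browser:", exposedSecrets(stagingEnv));
console.log("reused across environments:", sharedSecrets(stagingEnv, productionEnv));
```

The functions return variable names only, so the output can go into a CI log without printing the secret values themselves.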

5. Incident Response

If you suspect a security breach:

  1. Don't panic: Act quickly but carefully
  2. Change passwords: Immediately change all passwords
  3. Rotate keys: Generate new API keys
  4. Check access logs: Review for unauthorized access
  5. Contact support: We can help investigate and remediate
  6. Restore from backup: If files were modified

Emergency: Email security@bericanlabs.com for urgent security issues.