Security is our top priority here at CMS Commander! We follow industry standards for security and encryption and have added lots of features to the software that help you secure your account even further. This page answers several common questions regarding security.
How can CMS Commander manage my sites without requiring my password?
We do not require your WordPress admin password to manage your sites because all communication is handled by our CMS Commander client plugin that you need to install on all sites you want to add to your account. Once you add your site to CMS Commander a unique key is created that acts as a password for your site. All messages to CMS Commander are then sent through encrypted channels, making it impossible to intercept them for 3rd parties.
But then why is there an option to enter my password when adding a new site?
For your convenience we offer you a way to install our client plugin automatically while you add your sites to CMS Commander. To do this you need to enter your WordPress admin password, which is then used to install the plugin to your site. The password is not saved and only used for the plugin installation. If you prefer you can install the client plugin manually in your WordPress admin area (on the “Plugins” screen) and then you don’t need to enter your password.
Can’t other people manage my sites through CMS Commander?
No, that is impossible. Once you have added your site to CMS Commander a unique connection is established between your blog and the CMS Commander control panel and secured by an encrypted key code. No one else can add your site to their own account or access your site against your will, even if they know that it is managed by CMS Commander.
How can I better secure my CMS Commander account?
Since all your sites are connected to it your CMS Commander account if someone could obtain your password he could then also access your sites. To remove that risk we have added a 2-factor authentication feature to CMS Commander which adds a second level of security besides your password to all logins.
With 2-factor authentication activated a unique message needs to be entered each time you want to log in. The message is displayed on your cellphone, so even if someone else knew your CMS Commander account password he would not be able to login!