Control Spot logo
/
Docs
/
Security & Best Practices

Security & Best Practices

Control Spot manages sensitive operations across your websites. Following security best practices ensures your data, websites, and resources remain safe.

Website Secret Keys
What are website secret keys?
Secret keys are unique authentication tokens that connect Control Spot to each registered website. Treat them with the same care as passwords.
How should I handle secret keys?
Never share or expose your secret key in public repositories or with untrusted parties. If you suspect it has been compromised, you should regenerate it.
When can I regenerate a secret key?
A new secret key can only be generated if your website is currently accessible. Regenerating a key updates both Control Spot and the website. If the website is unreachable, do not regenerate — the connection will be lost.
Does Control Spot rotate keys automatically?
Yes. Control Spot automatically rotates website secret keys approximately every 90 days to improve security. This requires that your websites remain accessible during rotation.
Account Security
How do I keep my account secure?
Always use a strong password for your Control Spot account and avoid sharing your login credentials. If two-factor authentication becomes available, enable it for additional protection.
Resources (Themes, Plugins, Snippets, Reports)
What should I know before uploading resources?
Only upload valid and trusted archives. Avoid using resources from unverified sources, as they can compromise both your website and Control Spot.
Using Snippets Safely
Are snippets safe?
Snippets are powerful and should only be used if you fully understand the code. A broken or malicious snippet can harm your website.
General Best Practices
  1. Keep WordPress, plugins, and themes updated regularly.
  2. Use Control Spot Actions to manage updates safely across multiple websites.
  3. Review system reports frequently to identify potential risks in your environment.
  4. Limit access to Control Spot within your team — only trusted administrators should manage secret keys and sensitive actions.
On this page
Website Secret KeysAccount SecurityResources (Themes, Plugins, Snippets, Reports)Using Snippets SafelyGeneral Best Practices
Control Spot logo
Company
About
Docs
Contact
Pricing
FAQ
Changelog
Terms of Service
Privacy Policy
Refund Policy
Features
Manage themes
Manage plugins
Manage snippets
Manage core
Configuration Reports
Account
Sign In
Sign Up
Manage Cookies
© Copyright 2025 Control Spot. All rights reserved.