Keeping your MailerLite account secure

Understanding the common reasons why accounts get hacked can help you take proactive measures to protect your MailerLite account. Common scenarios that lead to an account hacking are:

🔓 Weak passwords: Simple or commonly used passwords are easy targets for hackers. Using the same password across multiple accounts is also a hacking risk.

🎣 Phishing attacks: Fraudulent emails or websites that trick you into revealing your login credentials.

🦠 Malware and viruses: Malicious software can compromise your computer and access your account. Outdated software can also leave you exposed to vulnerabilities.

🛜 Unsecured networks: Using public or unsecured Wi-Fi networks can expose your account to cyber threats.

When a hacking occurs, it puts your information and the information of others at risk. Breaches of your email marketing account may leak sensitive data, including contact lists and personal information.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your account by requiring a second form of verification in addition to your password. 

To learn how to set up two-factor authentication for your MailerLite account, check our guide How to turn on two-factor authentication (2FA)

Secure API tokens with IP restrictions

When creating an API token in MailerLite, you can specify which IP addresses can access the API key. Use our IP Allowlist feature to create a list of trusted IP addresses to be sure that only requests coming from these specified IP addresses will be accepted, adding an additional layer of security.

Configure user permissions

A MailerLite account admin can assign different permission levels to account users, enhancing security by controlling access based on roles:

• Administrator: Full access to the account, including exporting subscribers, accessing billing, and creating/deleting users.

• Manager: Full access except for exporting subscribers, accessing billing, or creating/deleting users.

• Viewer: Can only view reports.

• Accountant: Can only access billing.

• Custom user: Create a custom user by selecting specific permissions for that user.

Do not share your login credentials with anyone. If you need someone (e.g., your web developer, a contractor, PA, etc.) to access your account, create a new user for them with necessary permission restrictions. This prevents unauthorized access and ensures you maintain control over your account.

By assigning appropriate roles, you can limit access to specific areas of your account, which reduces the risk of sensitive data being exposed to the wrong individual. 

Strong password practices

Be sure to create passwords with a mix of letters, numbers, and special characters. When creating a new password, use a different one for each account to prevent the possibility of multiple accounts being hacked if the password is exposed.

Secure your computer and access points

Using reliable antivirus software to protect against malware and viruses is vital, as well as keeping your operating system up-to-date.

When you are working remotely and connecting to outside internet networks, try to avoid accessing your MailerLite account over public Wi-Fi. If necessary, use a virtual private network (VPN) for a more secure connection.

If you suspect that your account has been compromised, follow these steps right away:

Immediate actions

1. Change your password. Update your password to a new, strong one.

2. Enable 2FA: If not already enabled, set up two-factor authentication.

3. Check your account activity: Review your recent account activity (sent campaigns, subscribers imported or deleted) to identify any unauthorized actions.

4. Contact support: Reach out to MailerLite support for assistance and report the incident.

5. Scan for malware: Run a full scan of your computer with antivirus software to ensure it’s free of malware.

By following these steps and best practices to secure your account, you can be sure that your MailerLite account and data are well protected 🔐