Newbie. Security Related Issue

  • Hi,
    I’m looking to use WP and LMS plugins for my company LMS/training platform. This is my first time applying such projects, so bear with me. Right now, my options are to have WP Business + LearnDash plugins to meet the purpose.

    I have a few questions that I would like to ask, which are:

    1. How secure is WordPress.com? Users will need to enter their credentials and store data on WP. Where can I get WP security solution documentation? What area will WP cover?
    2. Do I need a plugin?
    3. As for audit purposes, where can I get the necessary audit report for WP, hosting, etc. from?
    4. Do you have best practice security solutions in place? Do you mind sharing with me?


  • I tagged this with modlook to get attention from Staff. Please wait for their response.

  • Hello!

    You can find WordPress.com security documentation here: https://en.support.wordpress.com/security/

    Yes, you will need a plugin for LearnDash, which you can find here: https://www.learndash.com/ …and with WordPress Business, you can upload custom plugins.

    I’m going to tag this with modlook to see if they can shed any additional light on WordPress.com security.

  • Hi danalytica,

    It’s great to hear you’re considering WordPress.com. I will add the “modlook” tag to Tags on the right of your post to have a staff view your enquiry, too.

    In the meantime, there is a page that briefly summarizes the answers to some of the questions you posted. Go ahead and have a look. https://en.support.wordpress.com/security/

    I hope this helps!

  • Thank you all for the response.

    What about documentation/material for audit purposes? Is it available off the shelf or do I have to install plugins for it?

  • Hi danalytica,

    > Do you have best practice security solutions in place? Do you mind sharing with me?

    If you haven’t done so already, I recommend reading through the security documentation @musicsuzuranbbc and @nikolnieto linked to:

    Keep Your Site Safe and Secure

    That gives an overview of how we protect sites and a few steps you can take to help increase the security of your account. Two-step authentication is something I strongly recommend you look into:

    Enable Two-Step Authentication

    > Do I need a plugin?

    The security documentation above mentions the security measures in place on our side, so using plugins isn’t something you have to do in order to secure a site. Sites using the Business plan can install plugins for specific security features — there are a couple which aren’t compatible with WordPress.com though:

    https://en.support.wordpress.com/incompatible-plugins/#miscellaneous

    > What about documentation/material for audit purposes?

    Can you clarify what sort of auditing process you are referring to here?

  • Thanks gemmacevans,

    Got it.

    As for the audit part, I would like to know how to get the audit documentation, such as access logs, permissions/roles as well as authentication logs and methods.

  • *authentication logs

  • > As for the audit part, I would like to know how to get the audit documentation, such as access logs, permissions/roles as well as authentication logs and methods.

    Can you please explain what audit documentation exactly you’re speaking of?

    The security link @gemmacevans shared above is the only public documentation about our security processes on WordPress.com.

    Along with that you can see all activity by all users on your site in the Activity section in the dashboard:

    View Your Site’s Activity

    We do not provide any other logs besides those.

    You can see the user roles included in WordPress.com by default and the permissions each role has here:

    https://en.support.wordpress.com/user-roles/

    For any additional user roles added by plugins you might install on a site, you’d need to ask the developers of those plugins for more information.

  • Hi kokkieh,

    Thanks for the response, and this is indeed very helpful.

    Before I forget, where can I refer to if I want to get information on your security standards, i.e. ISO, certification, etc.?

    Again, many thanks.

  • All our public security information is at the link @gemmacevans provided above:

    Keep Your Site Safe and Secure

  • Hi,

    Do you guys have out-of-the-box solutions to make WP HIPAA compliant?

  • We do not have any special measures for something like that, no.

    If you can provide some more details on the exact requirements I might be able to provide some advice or recommendation, but if we’re speaking of strict regulations on how data should be stored and who is allowed to have access to it, then WordPress.com might not be the best fit for you.

    In that case running your own installation of WordPress on your own private server will probably be required, if you specifically wanted to go with WordPress rather than a custom-built system.

  • Hi,

    This will be used as an LMS for a government health care entity. Hence the strict requirements such as audit logs, ISO and even a HIPAA-certified application as well as web hosting. WP is currently one of many platforms that we are looking at, and we are keen to make WP work thanks to the large community and tons of out-of-the-box plugins that you guys have.

  • WordPress.com is not HIPAA compliant and we can’t provide any legal advice on the matter. You need to hire someone privately to help you sort out the compliance of the US federal government.

  • The topic ‘Newbie. Security Related Issue’ is closed to new replies.