Security
-
We have a large client that is looking to incorporate an upgraded WordPress.com blog (http://en.wordpress.com/products/) into their site via an RSS feed (no additional plugins needed). Due to an NDA, I can not release the name, however, I can assure you that they are a fortune 500 company with over 150,000 employees. Their IT department had some questions pertaining to the WordPress.com hosting security:
1. If someone were to view the page source and find the link back to the external WordPress site, what are the risks?
2. Would a WordPress.com hosted blog pass a PCI compliancy test?
3. What steps have already been taken to address known WordPress vulnerabilities?
4. Without providing specific details, can you provide a brief description to the security environment (i.e. plugins, firewalls, etc.)?
5. What maintenance checks need to be performed to ensure that these security measures are still in place?
6. What role does my client’s IT department need to play in maintaining security of the WordPress.com hosted blog?
7. Would the WordPress.com facilities pass an audit? When was the last one performed? (i.e. is the server and guest information physically and digitally secure)?
8. Does Automattic or WordPress offer additional support (with montly cost) that is NOT the VIP services?
9. Will my client have the ability (added cost?) with viewing any access logs?Regards,
David Galliford
Evolve Design Group
- The topic ‘Security’ is closed to new replies.
WordPress.com Forums 