Technical and Security Information

  • Unknown's avatar
    pwctlsblog · Member ·

    Hi, I work for a firm that needs different information to use wordpress. We have to pass from different processes that require many technical and security information. To start we need a contact of wordpress like reference for the project. Do you know to whom I can ask?

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    pwctlsblog · Member ·

    The website is a small blog

  • staff-mckluskey · Staff ·

    Hi there!

    We’d be happy to point you in the right direction but we’ll need to know some more details about what you’re trying to achieve :)

  • Unknown's avatar
    pwctlsblog · Member ·

    Within my company, to approve a tool like WordPress is necessary a process of verification that pass through different steps. That is necessary to demonstrate that there isn’t security problem of bug and data loss. The first step that is required is to have a contact of reference that can guaranty the feasibility of the information provided.

  • staff-doublebassd · Staff ·

    Hi there,

    The biggest reference we usually provide is our security support page, which breaks down how we protect your sites and recommendations on how you can further protect your site from your end:

    Keep Your Site Safe and Secure

    Our company provided a page on Privacy Policy that you can read here:

    Privacy Policy

    Here is information in regards to WordPress.com and GDPR:

    Your WordPress.com Site and the GDPR

    Hope that helps. let me know if you have any other questions.

    Thanks,

  • Unknown's avatar
    pwctlsblog · Member ·

    Thanks for your valuable information. Do you know also where I can find information about the type of server, PHP, database etc?

  • staff-mckluskey · Staff ·

    I believe this is what you were looking for:

    PHP Environment

    Let us know if you need more information.

  • Unknown's avatar
    pwctlsblog · Member ·

    Perfect! Thanks.

  • Unknown's avatar
    lchiacchio · Member ·

    Hi, I have other questions from my security offices, can you help me to answer?
    ———-
    The lower risk nature of this tool does not warrant a full risk assessment. Please confirm the following controls are in place. Based on your confirmation/ attestation Application Readiness approval will be provided.

    1) has Imperva/ Incapsula’s firewall been implemented for this tool?

    2) Is data encrypted in transit?

    3) Are application logs sent to NIS Splunk for logging and monitoring?

    4) Have the security testing (pen tests and code scans) been initiated?

    5) Are appropriate access controls in place (including segregation of duties and least privilege enforced and privileged access management)?

  • Unknown's avatar
    pwctlsblog · Member ·

    Hi, I have other questions from my security offices, can you help me to answer?
    ———-
    The lower risk nature of this tool does not warrant a full risk assessment. Please confirm the following controls are in place. Based on your confirmation/ attestation Application Readiness approval will be provided.

    1) has Imperva/ Incapsula’s firewall been implemented for this tool?

    2) Is data encrypted in transit?

    3) Are application logs sent to NIS Splunk for logging and monitoring?

    4) Have the security testing (pen tests and code scans) been initiated?

    5) Are appropriate access controls in place (including segregation of duties and least privilege enforced and privileged access management)?

  • The topic ‘Technical and Security Information’ is closed to new replies.