Newbie. Security Related Issue

    #3221148

    danalytica
    Member

    Hi,
    I’m looking to use WP and LMS plugins for my company LMS/training platform. This is my first time to apply such projects, so bear with me. Right now, my options are to have WP Business + LearnDash plugins to meet the purpose.

    I have a few questions that I would like to ask, which are:

    1. How secure is WordPress.com? Users will need to enter their credentials and store data on WP. Where can I get WP security solution documentation? What areas will WP cover?
    2. Do I need a plugin?
    3. As for audit purposes, where can I get the necessary audit report for WP, hosting, etc. from?
    4. Do you have best practice security solutions in place? Do you mind sharing with me?

    The blog I need help with is drnorvetclinic.wordpress.com.

    #3221150

    staartmees
    Member

    I tagged this with modlook to get attention from Staff. Please wait for their response.

    #3221151

    iklno
    Member

    Hello!

    You can find WordPress.com security documentation here: https://en.support.wordpress.com/security/

    Yes, you will need a plugin for LearnDash, which you can find here: https://www.learndash.com/ …and with WordPress Business, you can upload custom plugins.

    I’m going to tag this with modlook to see if they can shed any additional light on WordPress.com security.

    #3221153

    bsanevans
    Staff

    Hi danalytica,

    It’s great to hear you’re considering WordPress.com. I will add the “modlook” tag to Tags on the right of your post to have a staff member view your enquiry, too.

    In the meantime, there is a page that briefly summarizes the answers to some of the questions you posted. Go ahead and have a look. https://en.support.wordpress.com/security/

    I hope this helps!

    #3221163

    danalytica
    Member

    Thank you all for the response.

    What about documentation/material for audit purposes? Is it available off the shelf or do I have to install plugins for it?

    #3221193

    Hi danalytica,

    Do you have best practice security solutions in place? Do you mind sharing with me?

    If you haven’t done so already, I recommend reading through the security documentation @musicsuzuranbbc and @nikolnieto linked to:

    https://en.support.wordpress.com/security/

    That gives an overview of how we protect sites and a few steps you can take to help increase the security of your account. Two step authentication is something I strongly recommend you look into:

    https://en.support.wordpress.com/security/two-step-authentication/

    Do I need a plugin?

    The security documentation above mentions the security measures in place on our side, so using plugins isn’t something you have to do in order to secure a site. Sites using the Business plan can install plugins for specific security features — there are a couple which aren’t compatible with WordPress.com though:

    https://en.support.wordpress.com/incompatible-plugins/#miscellaneous

    What about documentation/material for audit purposes?

    Can you clarify what sort of auditing process you are referring to here?

    #3221748

    danalytica
    Member

    Thanks gemmacevans,

    Got it.

    As for the audit part, I would like to know how to get the audit documentation, such as access logs, permissions/roles as well as authentication logs and methods.

    #3221752

    danalytica
    Member

    *authentication logs

    #3222531

    kokkieh
    Staff

    As for the audit part, I would like to know how to get the audit documentation, such as access logs, permissions/roles as well as authentication logs and methods.

    Can you please explain what audit documentation exactly you’re speaking of?

    The security link @gemmacevans shared above is the only public documentation about our security processes on WordPress.com.

    Along with that you can see all activity by all users on your site in the Activity section in the dashboard:

    http://en.support.wordpress.com/activity/

    We do not provide any other logs besides those.

    You can see the user roles included in WordPress.com by default and the permissions each role has here:

    https://en.support.wordpress.com/user-roles/

    For any additional user roles added by plugins you might install on a site, you’d need to ask the developers of those plugins for more information.

    #3222547

    danalytica
    Member

    Hi kokkieh,

    Thanks for the response, and this is indeed very helpful.

    Before I forget, where can I refer to if I want to get information on your security standards, i.e. ISO, certification, etc.?

    Again, many thanks.

    #3222589

    kokkieh
    Staff

    All our public security information is at the link @gemmacevans provided above:

    https://en.support.wordpress.com/security/

    #3225188

    danalytica
    Member

    Hi,

    Do you guys have out of the box solutions to make WP HIPAA compliant?

    #3225418

    kokkieh
    Staff

    We do not have any special measures for something like that, no.

    If you can provide some more details on the exact requirements I might be able to provide some advice or recommendation, but if we’re speaking of strict regulations on how data should be stored and who is allowed to have access to it, then WordPress.com might not be the best fit for you.

    In that case running your own installation of WordPress on your own private server will probably be required, if you specifically wanted to go with WordPress rather than a custom-built system.

    #3225931

    danalytica
    Member

    Hi,

    This will be used as an LMS for a government health care entity. Hence the strict requirements, such as audit logs, ISO and even a HIPAA certified application as well as web hosting. WP is currently one of many platforms that we are looking at, and we are keen to make WP work thanks to the large community and tons of out of the box plugins that you guys have.

    #3226448

    WordPress.com is not HIPAA compliant and we can’t provide any legal advice on the matter. You need to hire someone privately to help you sort out the compliance of the US federal government.

The topic ‘Newbie. Security Related Issue’ is closed to new replies.