  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    1
    Member #
    37819

    Need a few secure pages on a new WordPress page. What is the most secure way?

    I'm developing a website that will be, to most visitors, just a brochure website with information of the company.
    However, there need to be 5 separate pages that can be accessed by 5 different clients. I can update these and they can follow a link and enter a password to view the page. The information will be quite sensitive (insurance claims information).

    The way I am currently thinking of going about this is to create the pages and make them password protected in WordPress, giving them 16 digit passwords with lowercase, uppercase, numerical and special characters to make it as secure a password as possible.

    I know I will also have to make the admin password for the site just as secure, as the admin will have access to the password protected pages. Is this a safe way to go about this?! As the clients won't be entering any information, just viewing the pages, there would be no need for an SSL cert, right?

    Any feedback appreciated.


  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    Are you serious? Come on, that's got to be a joke. You want to use the poster child for open source insecurity and botnet attacks to house sensitive information, and on top of that you're not going to use an SSL. That is beyond insane.

    If you have sensitive information, you need an SSL. Period. It doesn't matter who enters the information...someone has to enter it in order for it to be there, whether it's the insurance company, you, or their clients. Claims information is sensitive and private. Protect it. Don't be naive and foolish about it either...lock that sumbitch down and you do everything humanly possible to make sure no one who isn't supposed to get at it can get at it.

    Another thing you'll need to bear in mind is that your underwriter and/or any governing body that oversees your broker (I'm assuming this is a broker we're talking about because there's no way an underwriter would come up with this idea) will probably have some very strict rules as far as what you can and can't say and what you can and can't do on the site. I've been working on a site for a broker for one of the oldest and most well-known insurance companies in the world, and the only thing we've been able to do in 3 months has been to get the layout approved, get copy approved for the home page and a radio commercial. The underwriter inspects everything and we can't launch any advertising of any sort without them approving it first. They had to approve the layout, the logo, the colors, the position of their logos, the spacing around their logos, the words used, and all sorts of stuff to protect them from liability. What you're proposing puts both your broker and the underwriter in a significant position of liability.

    If you're going to do this at all, do it with an SSL, build it properly from scratch, make sure it's secured, be sure that people don't go giving out passwords and such (you'll probably have to have a feature to expire passwords every 30 days or so and check to make sure passwords don't get recycled), patch the server with any available updates, run it through any half-decent scanner, and you'll probably want to purchase something like this:

    https://www.sitelock.com/web-application-firewall.php

    Oh, and when you're done the server patching and updates...guess what? You get to do it over and over and over and over and over again...or find a really good hosting partner that can do it for you.

    Basically, your job is all kinds of nasty even though "it's a simple application for only 5 clients". This is not something for W*rdPr*ss. The site may be, but the claim info isn't.

    The problem with things that are explained as "easy" is that they quite often aren't. They require a lot of time and a lot of money.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)
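
The password expiry and no-recycling checks mentioned in the reply above, sketched as an added example (not part of the original thread and not code from either poster). The class name, the history depth of 5 and the PBKDF2 parameters are assumptions; the 30-day limit is the figure from the reply.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # "expire passwords every 30 days or so"
HISTORY_DEPTH = 5             # assumption: how many past passwords block reuse
ITERATIONS = 600_000          # assumption: PBKDF2-HMAC-SHA256 work factor


def _derive(password: str, salt: bytes) -> bytes:
    # Only salted, slow hashes are stored, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class ClientAccount:
    """Hypothetical per-client credential record with expiry and reuse checks."""

    def __init__(self, name: str):
        self.name = name
        self.history = []       # (salt, digest) pairs, newest last
        self.changed_at = None

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_derive(password, salt), digest)

    def set_password(self, password: str, now: datetime) -> None:
        # Each stored entry has its own salt, so the candidate is re-derived
        # against every remembered entry to detect a recycled password.
        if any(self._matches(password, e) for e in self.history):
            raise ValueError("password was used recently")
        salt = os.urandom(16)
        self.history.append((salt, _derive(password, salt)))
        self.history = self.history[-HISTORY_DEPTH:]
        self.changed_at = now

    def login(self, password: str, now: datetime) -> str:
        # Verify the password first so expiry status is never revealed
        # to someone who does not hold the current credential.
        if not self.history or not self._matches(password, self.history[-1]):
            return "denied"
        if now - self.changed_at > MAX_AGE:
            return "expired"    # caller must force a change before showing data
        return "ok"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    acct = ClientAccount("client-1")
    acct.set_password("constructed-Pass-1!", t0)  # constructed sample value
    print(acct.login("constructed-Pass-1!", t0 + timedelta(days=31)))
```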

