Restricted Data
Unless you have gone through a risk assessment and received approval to collect, store, transmit, or process restricted data on your website, you should not do so. Restricted data includes, but is not limited to:
- Medical records
- Social Security numbers
- Credit card numbers
- Driver licenses
- Non-directory student records
- Export controlled technical data
For more information, visit the Information Security Office’s Data Classification Guidelines webpage.
WordPress Security
WordPress is not inherently less secure than other web content management platforms. In part, it’s a victim of its own success: with a high profile and a large number of non-technical users comes increased vulnerability. Whatever software you use, failing to follow best practices and security recommendations can leave your site open to attacks.
A few of the steps you can take to make your site more secure:
- Make sure WordPress and plugins are kept updated
- Run the most recent PHP version
- Limit wp-admin access to on-campus IPs or Gatorlink VPN
- Limit Super Admin and Administrator permissions to those who really need them (and remove users who leave your unit from the site)
- Use two-factor authentication
- Use a WordPress security plugin such as Sucuri or WP fail2ban
- Back up your site (database and files) regularly
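
One way to apply the wp-admin restriction from the list above, as an added example that is not part of the original page. It assumes Apache 2.4 with `.htaccess` overrides enabled; the CIDR blocks are documentation placeholders, not real campus or VPN ranges.

```apache
# Added example (not from the original page).
# Assumptions: Apache 2.4, "AllowOverride AuthConfig" (or All) for the site,
# and placeholder networks from RFC 5737. Replace 192.0.2.0/24 and
# 198.51.100.0/24 with the on-campus and VPN ranges your network team gives you.

# ---- File 1: wp-admin/.htaccess ----
# Only the listed networks may reach the dashboard.
Require ip 192.0.2.0/24 198.51.100.0/24

# admin-ajax.php lives in wp-admin but is called by themes and plugins on
# behalf of anonymous front-end visitors. Leave it reachable, otherwise
# public pages that rely on AJAX stop working for off-campus users.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the site root (outside the "# BEGIN WordPress" block) ----
# wp-login.php sits in the site root, not in wp-admin, so the rule in
# File 1 does not cover it. Restrict it separately to the same networks.
<Files "wp-login.php">
    Require ip 192.0.2.0/24 198.51.100.0/24
</Files>
```

If the site sits behind a load balancer or reverse proxy, Apache sees the proxy's address rather than the visitor's unless mod_remoteip is configured, so check which client address appears in the access log before relying on these rules.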