" wordpress Archives - Page 2 of 3 - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘wordpress’

WordPress Security Overview: Can WordPress be HIPAA-compliant?

Monday, March 13th, 2017
For a deep dive, see our white paper: Securing WordPress

WordPress is a content management system that dominates the internet, powering more than 24% of the web. Although it has many great features that make it quick and easy to set up, the complications associated with HIPAA standards can make it difficult to achieve compliance. WordPress has recovered from a checkered past as far as security is concerned, but it is still a third party tool which is not specifically designed to conform to HIPAA standards.

WordPress Security

Read the rest of this post »

Embedding SecureForms into WordPress using an iframe

Monday, March 14th, 2016

WordPress is an incredibly popular Web site management and blogging platform.  Customers inquire of LuxSci frequently about the best way to add forms to their WordPress pages and posts.  Not just any forms — complex forms that can be HIPAA-compliant and which can submit data securely through SecureForm.

There are numerous options here.  The two most popular are GravityForms and embedding forms with an iframe.  GravityForms is popular and very cool, but not free.  Also as GravityForms is complex and really wants to manage all of your form data itself (insecurely), integration with SecureForm is limited:

  • Multiple forms on the same page can be tricky
  • Ink Signatures can not be captured
  • File uploads can not be captured

Another alternative, which is free as it is included with your SecureForm service, is to:

  1. Build your form with SecureForm FormBuilder
  2. Embed this form into your WordPress page or post using an iframe

What is an “iframe?”  it is a tool that allows you embed one Web page within another Web page.  When you build a form with FormBuilder — that form is automatically saved and hosted securely for you and you are provided with the Web site address (URL) for that form.  All you need to do is to “insert” that hosted form into your WordPress page/post and you are all set.  All FormBuilder features are then also supported: Ink Signatures, file uploads, geolocation, etc.

Read the rest of this post »

Securing WordPress. Protect your Site or Blog from Escalating Attacks!

Thursday, July 11th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is used by about 15% of the top 1 million web sites on the web and manages about 22% of all web sites as of August 2011.  It has only been growing since then.  Indeed, a large fraction of our hosting clients use WordPress, as does LuxSci for many different applications (e.g. blog, server status, video blog, etc.).

Unfortunately, WordPress has a history of being attacked, having significant security vulnerabilities, and being a source of security pain for web site administrators.

Things have gotten markedly worse recently:

  1. Bot Net Attack:  Wordpress sites all across the Internet are being attacked by a botnet that is attempting to guess administrative and user credentials by brute force.  This is compromising sites and causing significant load on web hosting servers.  This attack is “light” now, but expected to get only worse says CloudFlare, a cloud security firm. Indeed, LuxSci.com sees these attacks constantly on all WordPress sites that we host. We have measures in place to auto-block IP addresses that appear to be attacking WordPress sites; however, as the attack is coming from more than 90,000 different, unrelated IP addresses, they are hard to block outside of WordPress itself (see below for how to block them). These attacks are going after “wp-login.php”, the user name “admin” and trying the most common 1000 or so passwords.  Besides that, the sheer burden of the massive, if simple, attack is straining web hosting servers across providers.
  2. Vulnerabilities: Most problems with compromised WordPress sites arise due to vulnerabilities in the WordPress software or installed plugins.  Vulnerabilities are continuously found and corrected and new versions of the software released.  However, the vast majority of WordPress sites do not update their software, or seldom update. Attackers troll the Internet looking for outdated WordPress installs and then attack them with known vulnerabilities to gain control over these sites.  With more and more WordPress sites out there, there are more and more sites that are not keeping abreast with security updates.  They are ripe for the picking.
In this article, we discuss the best practices for securing your WordPress site.  Wordpress is a great tool if used properly.

Read the rest of this post »

Simplified FTP/SFTP Management of WordPress, Joomla, and other CMS-based web sites

Thursday, June 27th, 2013

Most modern content management systems (CMS) for web sites, like WordPress, Joomla, Drupal, etc., are PHP-based.  So, when these sites are run by the web server, they generally run with as the web server server for maximum speed/performance.*

This is all well and good, and LuxSci supports easily bulk assigning ownership of your site files to the “web server” so that these content management systems, running as the web server, can upload new files, modify files in your web site file space, etc.

It all works well and easily …. until you want to also manage these files via FTP or SFTP.  In general, when one uses FTP or SFTP to connect, your session is owned by the user that you are logging into FTP or SFTP with … and that is not the “web server”. This causes problems:

Read the rest of this post »

WordPress for HIPAA and ePHI? Is that a good idea?

Tuesday, February 12th, 2013
For a deep dive, see our white paper: Securing WordPress

WordPress is an extremely popular content management system for both blogging and creating web sites.  It’s popular because it is quick to set up, easy to administer, has a very large supported base of add-ons, and looks good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As we cater to a large segment of customers who have specific compliance needs, e.g. HIPAA compliance, we frequently are asked about using WordPress with ePHI … e.g. using WordPress to provide access to protected health information for members of the WordPress site.

Can this be compliant?  Is it a good idea?

Read the rest of this post »

LUXSCI