WordPress.org

Ready to get started?Download WordPress

Forums

Client wants info regarding the security employed in the WordPress... (16 posts)

  1. ghuznee
    Member
    Posted 3 years ago #

    Hi there,

    This is what has been requested from me:

    Could you send me info regarding the security employed in the WordPress functionality in handling the privacy of personal data and content in general"

    Can someone point me in the write direction? She wants a lawyer to have a look at it.

    If this is not something that is out there or even realistic, what should I tell her?

    Any help would be highly appreciated.

    Thanks,

    James

  2. Samuel B
    moderator
    Posted 3 years ago #

  3. ghuznee
    Member
    Posted 3 years ago #

    Hi there,

    Thanks for the email address but what should I do with it?

    Thanks,

    James

  4. Samuel B
    moderator
    Posted 3 years ago #

    ask your questions there

  5. ghuznee
    Member
    Posted 3 years ago #

    Hi,

    I tried but the email address doesn't work. I tried twice.

  6. Samuel B
    moderator
    Posted 3 years ago #

    hmm...guess it's been killed

    don't know what to tell you

    I doubt wordpress - or any software - will guarantee anything given that users have control over passwords, plugins installed, etc.most hacks are from crappy passwords on shared servers

  7. ghuznee
    Member
    Posted 3 years ago #

    I sent her the privacy policy and her reply is:

    Hi James, WordPress’s privacy statement doesn’t say whether they will hold the identifiable personal data, and where such data will be stored and the security measure on them. Anywhere we can find out their policy in manipulating (or will they be involved in the use/access to) personal identifiable data entered through the Comments Posting functionality?

    any ideas?
    Oh to have a non b@ll aching client!!

  8. Samuel B
    moderator
    Posted 3 years ago #

    here is what wordpress.com says
    http://en.support.wordpress.com/security/

  9. esmi
    Forum Moderator
    Posted 3 years ago #

    Is this for a self-hosted site or a wordpress.com site?

  10. ghuznee
    Member
    Posted 3 years ago #

    It's for a self hosted site. Using the WordPress platform.

    Essentially she wants legal assurances that WordPress (or anybody for that )don't keep any of the information such as email addresses etc...

    That sort of thing.

  11. esmi
    Forum Moderator
    Posted 3 years ago #

    WordPress.org don't keep any personal data on self-hosted sites. They simply distribute the WordPress software.

  12. ghuznee
    Member
    Posted 3 years ago #

    Thanks for that. Is there anywhere you can point me which confirms this information?

  13. Samuel B
    moderator
    Posted 3 years ago #

    good lord! .org distributes software only
    you download it - you install it
    wordpress has nothing to do with it after that

    does your client think there some super-secret code in wordpress to harvest info? don't you think this would have been screamed about from code savvy users by now? after all, wordpress has been out for years now.
    you won't find any info on this - well...because it's ridiculous

  14. ghuznee
    Member
    Posted 3 years ago #

    Ha well put. I'll let the client know. Thanks a bunch

  15. Chip Bennett
    Theme Review Admin
    Posted 3 years ago #

    wordpress has nothing to do with it after that

    Not entirely true.

    Self-hosted WordPress does "phone home" to WordPress.org, via api.wordpress.org. But this communication transmits information only about the installation environment*, and nothing (as far as I know) about site visitors/users.

    Also, if the site uses the Akismet plugin, some potentially personally identifiable user data are transmitted to the Akismet service (user IP, email address, etc. - typical comment data).

    * WordPress transmits to api.wordpress.org information such as: installation IP address, server environment (PHP/MySQL versions), WordPress version, installed/active Plugins, installed/active Themes, etc.

  16. esmi
    Forum Moderator
    Posted 3 years ago #

    Self-hosted WordPress does "phone home" to WordPress.org, via api.wordpress.org

    I considered that but it doesn't have anything to do with personal identifiable data obtained via logins or commenting. Plus, if you're really determined, you can switch phone home off, yes? Akismet, like any other 3rd party service, has to be assessed separately.

Topic Closed

This topic has been closed to new replies.

About this Topic