I have been working on WordPress for a few years now and designed several websites they are not perfect but I try to have some care on security and performance, balancing iser needs and the type of website. A couple of weeks ago a system administrator where my last website was going to refuses to have the website in his server or even having it in another server and just using a subdomain to access it because it says it fails a set of tests he defined as being the standard for any website in his system (actually anywhere). This is a one page website with not even a contact form, so no user data is being asked.
This level of requirements is a first to me.
I tried to argue that what he was asking was not reasonable for a WordPress website (or any CMS, or anything really…) but he insists. The actual client needs his aproval to accept the website. I wanted to know if it is me who is going crazy or is this absurd.
Part of the requirements are:
* NO HTML errors/no warnings as measured using this: https://validator.w3.org/
* NO CSS errors/warnings as measured using this https://jigsaw.w3.org/css-validator/
* No CSS inline
* Zero high/medium/low risk as measured using https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
The list continues but for now the first 4 fail aready and this is the issue. From my point of view this is not feasible and not possible to ensure it will continue like that on the medium/long term as the website stays online.
Can I have your comments on this? any suggestions or help you can give me?
- The topic ‘WordPress Security’ is closed to new replies.