Restricted Data

Unless you have gone through a risk assessment and received approval to collect, store, transmit, or process restricted data on your website, you should not do so. Restricted data includes, but is not limited to:

For more information, visit the Information Security Office’s Data Classification Guidelines webpage.

WordPress Security

WordPress is not inherently less secure than other web content management platforms. In part, it’s a victim of its own success: with a high profile and a large number of non-technical users comes increased vulnerability. Whatever software you use, failing to follow best practices and security recommendations can leave your site open to attacks.

A few of the steps you can take to make your site more secure:

  • Make sure WordPress and plugins are kept updated
  • Run the most recent PHP version
  • Limit wp-admin access to on-campus IPs or Gatorlink VPN
  • Grant Super Admin and Administrator permissions only to those who really need them (and remove users from the site when they leave your unit)
  • Use two-factor authentication
  • Use a WordPress security plugin such as Sucuri or WP fail2ban
  • Back up your site (database and files) regularly
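
One way to apply the wp-admin restriction from the list above, shown as an added example and not configuration taken from this site. It assumes Apache 2.4 with WordPress installed in /var/www/html; the address ranges are placeholders (RFC 5737 documentation ranges) standing in for the real on-campus and VPN ranges.

```apache
# Added example. Assumptions: Apache 2.4, WordPress in /var/www/html.
# 192.0.2.0/24 and 198.51.100.0/24 are placeholder ranges; replace them
# with the real on-campus and VPN address ranges.

<Directory "/var/www/html">
    # The login form lives outside wp-admin, so it needs its own rule.
    <Files "wp-login.php">
        Require ip 192.0.2.0/24 198.51.100.0/24
    </Files>
</Directory>

<Directory "/var/www/html/wp-admin">
    # The dashboard is reachable only from the allowed ranges.
    Require ip 192.0.2.0/24 198.51.100.0/24

    # Themes and plugins call admin-ajax.php from public pages, so it
    # stays open to all visitors; blocking it breaks front-end features.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</Directory>
```

If the site sits behind a load balancer or reverse proxy, Apache sees the proxy's address instead of the visitor's, so the client address has to be restored (for example with mod_remoteip) before these rules match correctly. After reloading Apache, request /wp-admin/ from an address outside the allowed ranges and confirm the response is 403.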

More information and detailed recommendations: