{"id":8063,"date":"2019-01-31T09:28:25","date_gmt":"2019-01-31T14:28:25","guid":{"rendered":"https:\/\/www.eng.ufl.edu\/marcom\/?page_id=8063"},"modified":"2025-09-23T15:22:54","modified_gmt":"2025-09-23T20:22:54","slug":"information-security","status":"publish","type":"page","link":"https:\/\/www.eng.ufl.edu\/marcom\/resources\/web-services-standards\/information-security\/","title":{"rendered":"Information Security"},"content":{"rendered":"<h2>Restricted Data<\/h2>\n<p>Unless you have gone through a risk assessment and received approval to collect, store, transmit, or process restricted data on your website, you should not do so. Restricted data includes, but is not limited to:<\/p>\n<ul>\n<li>Medical records<\/li>\n<li>Social Security numbers<\/li>\n<li>Credit card numbers<\/li>\n<li>Driver licenses<\/li>\n<li><a href=\"https:\/\/registrar.ufl.edu\/ferpa.html\">Non-directory student records<\/a><\/li>\n<li>Export controlled technical data<\/li>\n<\/ul>\n<p><em>For more information, visit the Information Security Office&#8217;s <a title=\"More information\" href=\"https:\/\/it.ufl.edu\/policies\/information-security\/related-standards-and-documents\/data-classification-guidelines\/\" target=\"_blank\" rel=\"noopener\">Data Classification Guidelines webpage<\/a>.<\/em><\/p>\n<h2>WordPress Security<\/h2>\n<p>WordPress is not inherently less secure than other web content management platforms. In part, it&#8217;s a victim of its own success: with a high profile and a large number of non-technical users comes increased vulnerability. Whatever software you use, failing to follow best practices and security recommendations can leave your site open to attacks.<\/p>\n<p>A few of the steps you can take to make your site more secure:<\/p>\n<ul>\n<li>Make sure WordPress and plugins are kept updated<\/li>\n<li>Run the most recent PHP version<\/li>\n<li>Limit wp-admin access to on-campus IPs or <a href=\"https:\/\/vpn.ufl.edu\/+CSCOE+\/logon.html\">Gatorlink VPN<\/a><\/li>\n<li>Limit granting of Super Admin and Administrator permissions to those who really need it (and remove users who leave your unit from the site)<\/li>\n<li><a href=\"https:\/\/it.ufl.edu\/2fa\/get-started\/\">Use two-factor authentication<\/a><\/li>\n<li>Use a WordPress security plugin such as <a href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\">Sucuri<\/a> or <a href=\"https:\/\/wordpress.org\/plugins\/wp-fail2ban\/\">WP fail2ban<\/a><\/li>\n<li>Back up your site (database and files) regularly<\/li>\n<\/ul>\n<h3>More information and detailed recommendations:<\/h3>\n<ul>\n<li><a href=\"https:\/\/kinsta.com\/blog\/wordpress-security\/\">WordPress Security \u2013 19+ Steps to Lock Down Your Site<\/a><\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/OWASP_Wordpress_Security_Implementation_Guideline\">OWASP WordPress Security Implementation Guideline<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Restricted Data Unless you have gone through a risk assessment and received approval to collect, store, transmit, or process restricted data on your website, you should not do so. Restricted data includes, but is not limited to: Medical records Social Security numbers Credit card numbers Driver licenses Non-directory student records Export controlled technical data For [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"parent":292,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"page-templates\/page-sidebar-none.php","meta":{"_acf_changed":false,"inline_featured_image":false,"featured_post":"","footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-8063","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/pages\/8063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/comments?post=8063"}],"version-history":[{"count":1,"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/pages\/8063\/revisions"}],"predecessor-version":[{"id":12089,"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/pages\/8063\/revisions\/12089"}],"up":[{"embeddable":true,"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/pages\/292"}],"wp:attachment":[{"href":"https:\/\/www.eng.ufl.edu\/marcom\/wp-json\/wp\/v2\/media?parent=8063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}