higher security in your favorite cms

you don't need to trade your favorite cms for better security

Security, security, security. It's an ever-growing field when it comes to website design in the digital age, and for good reason. When designing a new website, those with higher security needs go into the process with a different list of priorities, and rightfully so. Any company that sells things on the Internet automatically has higher security needs, but any company that accepts personal or customer information on its website needs at least a basic level of security. All of a sudden, things like design, ease of use, and aesthetics find themselves at the bottom of a much longer list of priorities.

So, as the story goes, companies go looking for a CMS that can accommodate their security needs. Whether a company needs PCI DSS or HIPAA compliance, it will need a platform and content management system that can pass compliance scans and reporting. Oftentimes this points companies and organizations away from open source platforms like WordPress. It doesn't have to. We are here to tell you that WordPress can be just as secure as any of those "proprietary" CMSs that will cost you twice as much with half the plugin compatibility. Yes, that's right: if you need high levels of security in order to pass compliance scanning, you can use WordPress - the world's most popular CMS.




the best of both worlds - A short story

My fiance and I had a meeting with the lady doing our wedding invitations a few months back, and a topic not usually associated with invitations came up - web design. She is an independent artist and does invites, but her daytime job is working for a local health care company. We were discussing my job and what I do for a living, and she mentioned that she was on the website redesign group at her company, charged with planning and executing the redesign. We got into a brief discussion about the different CMS options, and I mentioned that we design exclusively with WordPress, which we find to be the most flexible and compatible CMS. What she said next planted an idea in my mind that has become the central focus of our business. She said:

      "We looked into using WordPress, and it was our first choice...but we couldn't use it as it doesn't give us the security we need."

BAM! It hit me like a ton of bricks. There are actually companies out there that want to use WordPress but think that they can't because of security. I told her right then and there - you CAN use WordPress, you just need to find the right partner. Our company was in its early stages at the time, and was probably not in a place to service such a large company, but I have regrets about not pushing harder for a meeting. We could have definitely opened their eyes to the flexibility of the platform. Yes, a WordPress website can be HIPAA compliant. You can use WordPress and all the great things that come with it, and still maintain a high level of security.

 


 

Don't be limited by a "proprietary cms"

If you've been on a team or part of an organization that is searching for a new website partner (digital agency, etc.), you've most likely come across companies trying to sell you on their 'proprietary CMS'. DO NOT BE FOOLED. They will sell you on the basic premise that 'this was designed for companies in healthcare' or 'this was designed for care facilities'. This type of specialty design is flawed - and here is why: what they are selling as proprietary online software is merely a way of locking you in as a customer long term without explicitly saying so. If they've invented/created a CMS that only they can run, only they can operate, only they can change/modify/redesign/support... See where I'm going with this?

As long as you use that website, you're stuck with that company. No matter how outdated they let their software get, no matter how frustrated you are with their support - you can't leave - unless you want to go back to square one. Going back to your boss to say you dropped 20k on a website that you now hate and want another 20k for a new one? Yeah... not gonna happen. I'm not saying all of these companies are 'bad'. In fact, there are probably some great ones out there that will leave you very satisfied with your decision. Just do your homework and don't let the 'we have experience serving companies in your industry' pitch be the kicker. Using an open-source CMS like WordPress gives you the flexibility to change agencies without changing your website every time - the value of which cannot be overstated.

We've worked with everyone from food companies to search firms - and have never felt like we needed 10 years of industry experience in a company's field to build a kick-ass website for them. You need a great process, a great attitude, and a willingness to be flexible.

 

wordpress pci compliance

On top of HIPAA compliance (the compliance designed for Health Care companies), other types of compliance are also possible while using WordPress. PCI DSS compliance is another common set of advanced security standards, often required by banks servicing companies that sell things online. It ensures that personal and financial information being exchanged online is secure from the moment you type it into your web browser through the time it is processed by the financial institution. One of our customers, Sandbag Express, recently went through a transition into PCI compliance. We designed a WordPress site that is fully PCI DSS compliant - they now have the best of both worlds: the best CMS in the world without sacrificing the high-end security required for them to sell online. You can have your cake and eat it too!






 

About the author

Steven Milne

I'm Steve and I'm a co-founder and CFO at Digital 1. I am responsible for helping companies grow through lead generation anchored by Inbound Marketing. I also have a background in digital and cyber security. I very much enjoy writing and blogging at Digital 1. I love helping companies realize their website's potential. It's always so satisfying to see their online presence expand and generate business essential to growth.
