- Original Poster
- #1
Hi there,
I've considered launching an online service based on WordPress. I have a considerable amount of knowledge in this field, and plan to take steps to prevent unauthorised access to sensitive areas of the site (such as databases).
However, it seems that we can't go a few days lately without hearing about large firms having data breaches. As a small, not-for-profit organisation, this leaves me feeling rather vulnerable as I obviously don't stand a chance against hackers if the 'big guys' can't even thwart them.
So then I got to thinking... What if this happened to me? What would happen? Would I be liable for my site getting hacked? Speaking hypothetically of course.
I don't plan on storing overly sensitive information, just email, username, password (hashed) and possibly country. Other than using UK-based PCI compliant servers with CloudLinux, numerous firewalls & fancy HTACCESS rules, CloudFlare, site-wide forced SSL, and encouraging good password etiquette... I don't think there's much more I can do to prevent intrusions. It's just something that's worried me and hindered me from creating this site.