Can You Build Websites For Banks With WordPress: WordPress Owner Matt Mullenweg Explains

Posted at 4:53 pm on November 17, 2017


Can You Use WordPress To Build Website For Banks : Matt Mullenweg Replied

Build Bank Website With WordPress

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

In terms of security, there are two simple points:

  1. Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new versions become available.
  2. Use strong passwords for all user accounts. For extra credit you could enable a 2-factor verification plugin, use Jetpack’s login system, or restrict logged-in users to a certain IP range (like behind a VPN).

If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up.

Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on VIP alongside some of the top sites in the world.

If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).

For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ.

WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software.

It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.

Matt’s answer is upvoted by some top developers, including Yair Livne, Director of Product Management at Quora; David Cole, Director of Design at Quora; and Joel Lewenstein, Product Designer at Quora.

Using WordPress To Build Website For Banks: What Other Developers Say

After reading many answers, I found that most WordPress developers don’t like the idea of using WordPress to build a website for banks. There were many reasons. Let me share some other popular answers.

Leonid S. Knyshov, JavaScript Developer Mostly On Meteor Wrote

51.4k Views and 200+ up votes as of Feb 2016

Building a system that has access to customer bank accounts on top of WordPress is just a spectacularly bad idea.

Please don’t do that. You can certainly run the bank’s blog on it on a physically separate system, but anything that touches customer logins should not be built on that platform.

WordPress consists of:

  • Core
  • Theme
  • Plugins

While core’s security receives a lot of attention, that is not enough. It is so large and so easy to extend incorrectly that attackers love exploiting it.

Most WordPress sites also use a WordPress theme and plugins. What most people don’t realize is that the theme always contains PHP code and not just presentation styling. There is insufficient attention paid to theme security with few exceptions.

WordPress plugins also receive insufficient attention for security with few exceptions.

As a result, an attacker can and will fingerprint and exploit your themes and plugins.

If you don’t wish to use themes and plugins, then you have no reason to use WordPress and can choose a framework known for its security.

Writing bank account access as WordPress plugins does not make sense.

Petr Chloupek Views About Using WordPress For Banking Websites


I assume by website you really mean a website, not an internet banking site. In that case these scenarios exist elsewhere. First of all, there should be some people with a real understanding of computer security. You should talk to them.

You should strictly split the internet banking environment and your website environment (different networks). One definition of “security” is that the thing can’t be used for any purpose other than the one it was designed for, and that you can’t limit its functionality without authorization (like a DoS attack).

This in general means that you should filter out people who want to overload the site and that you want to disallow unauthorized changes and you should be able to detect all changes.

You should be on https (obvious) with a valid certificate, behind the firewall, you should have automated security tests, you should control network traffic and you should control the system (be up to date, log both system changes and database changes to some other system).

Make the file system read-only if possible and limit rights of the user under which the web presentation runs. Cut out everything you don’t need (plugins etc).

Have procedures for any changes (limited set of people, one way of updating things, log everything). Do all this in coordination with the security experts; there are plenty of details and it will take you years to know better than them.

Oscar Gonzalez, WordPress Expert


I am a WP evangelist, and 99% of the time I think it is doable with WP. However, I second Leonid S. Knyshov. Not because WP is bad inherently, but because if you’re asking how to do that here, in Quora, you probably don’t have the resources to do it right no matter what answer we give you.

If you are just building the front-facing, corporate site for the bank, then go for it. Follow all standard security practices. Lock down admin areas, strong usernames & passwords, get SSL certificates installed and minimize the use of plugins.

DO NOT place customer data or customer access here. The site should also be physically served from outside of the bank’s network; it should not be in the same server or internal network as any of the other bank’s systems.

A good place to start is by reviewing documentation and services from these guys: Sucuri Security

Financial and Health sites are very sensitive and regardless of the platform, need a team of people to execute them correctly.

Can you do it with WordPress? Sure, but you really need to get a strong security-oriented developer, or developer team involved, along with the network security part of the business, and business to be involved in this.


What Do You Think

Now that you have read what WordPress experts have to say, do you think it is a good idea to create websites for banks with WordPress?



GitHubNg.Com - Copyright © 2017 - Henry Ijogu. All rights reserved.