Transcript

Alicia: Hello everybody, thank you for joining us today. Today we are going to talk about Gil’s last and 3rd security tip. Just to refresh your memory, the first one we talked about was scanners, and the 2nd one was a WordPress plugin to detect brute-force entries. So what is your last security tip?

Gil: The last security tip in this series, which is the 3rd of 3, is one called “least privileges”. So least privilege means that you only grant access to the level that a user would need. So for example, let’s say you have 3 developers all working on your WordPress HIPAA-compliant site. You don’t necessarily have to make all 3 of them administrators on the back end. Let’s say one is just contributing images, so just give him rights to add files, and then maybe someone who is higher level that needs access to everything, they can become the super administrator. And that’s very important, and also exposure to your application. Let’s say you have a part of your application, part of your website, that the public doesn’t need to see. Then you could put that behind credentials, and that removes the exposure so that the attackers aren’t trying to break into those particular pages that don’t need to be exposed.

Alicia: Okay, that makes a lot of sense, thank you!  

Gil: Yeah, you’re welcome. Hopefully you’ll leave some comments, let us know how we’re doing. Appreciate it!