
Security Best Practice Considerations

Categories: FAQ, General Info., Getting Started

This platform is intended for low-risk data as defined by Stanford’s Information Security Office (ISO). You should NOT store any data other than low-risk data. Medium- and high-risk data is not allowed on this platform. Please be familiar with Stanford Security and Usage policies.

Even with low-risk data, please consider the following best practices when hosting your website: 

  • Link to your protected document in Google Docs with the appropriate permissions.
  • Don’t publish your Zoom link without using additional Zoom security features, such as allowing only authenticated users to join meetings and using the Waiting Room to admit participants individually.
  • Don’t use a common username such as admin, administrator, or root for your login accounts.
  • Enable rate limiting of login attempts to stop some malicious activities.
    (installed by default in new WordPress sites)
    Limit Login Attempts plugin
  • Use a long password of 16+ characters containing alphabetic, numeric, and special characters.
  • Enable comment filtering plugins (e.g., Akismet); comments must be moderated to avoid spam.
    (installed by default in new WordPress sites)
    Akismet Anti-Spam plugin
  • Use reCAPTCHA in online submission forms to prevent spam and abuse from entering the site.
  • Enable the moderation/approval feature on any comments, forum, or blog postings.
  • Do not allow file uploads (txt, pdf, pictures, video, etc.) without authentication.
  • Keep your site up to date, including CMS updates, plugin updates, theme revisions, users, and PHP version.