how to create websites for banks with wordpress: justlearnwp.com
DESCRIPTION
Visit http://justLearnWP.com/ for moreTRANSCRIPT
JustLearnWP.comWordPress & Blogging Tutorials
Can You Build Websites For Banks WithWordPress: Matt Mullenweg Explains
Is it possible to build a website for banks using WordPress? Should you use WordPress
to build bank Websites. Building different type of websites is easy but can you build
Websites for banks with WordPress. In this article i am going to share what WordPress
experts has to say?
We have already published an in depth blog post that you can use WordPress to build
more than 30 type of website. You can use WordPress to build any type of website,
From a simple blog to a complex social networking website like Facebook.
Further read: Do You Know: You can build 35+ type of websites with WordPress
In this article we are going to share what expert and experienced WordPress developer
has to say: WordPress for banking websites Yes or No.
88 Shares 30 18
It is possible to build Websites for banks with WordPress, but most expert developers
says that you should use WordPress only for front end use.
Someone asked this question on Quora: I am powering a bank’s website using
WordPress. What security measures should I take?
At the time of writing this article (Feb 2016), 34 people Answered this question. Most
popular answer with 85,000+ views is written by Matt Mullenweg co-founder of
WordPress and founder of Automatic. This answer was written in Apr 16, 2015.
Can You Use WordPress To Build Website For Banks :Matt Mullenweg Replied
85.4k Views and 550+ up votes as of Feb 2016
Build Bank Website With WordPress
I agree there’s probably not a ton of benefit to having the online banking / billpay / etc
portion of a bank’s website on WordPress, however there is no reason you couldn’t run
the front-end and marketing side of the site on WordPress, and in fact you’d be
leveraging WordPress’ strength as a content management platform that is flexible,
customizable, and easy to update and maintain.
In terms of security, there are a two simple points:
1. Make sure you’re on the latest version of core and all the plugins you run, and update
as soon as new version become available.
2. Use strong passwords for all user accounts. For extra credit you could enable a 2-
factor verification plugin, use Jetpack’s http://WordPress.com login system, or
restrict logged-in users to a certain IP range (like behind a VPN).
Further Read: 30 Most popular Free WordPress plugins
If your host doesn’t handle it, make sure you stay up-to-date for everything in your
stack as well from the OS on up.
Most modern WP hosts handle this (and updates) for you, and of course you could
always run your site on WordPress.com VIP alongside some of the top sites in the
world.
If you use any non-core third party code, no harm in having a security firm audit the
source as well (an advantage of using open source).
For an example of a beautiful, responsive banking website built on WordPress, check
out Gateway Bank of Mesa AZ.
WordPress is also trusted to run sites for some of the largest and most security-
conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The
Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures,
NASA, and literally hundreds more.
As the most widely used CMS in the world, many people use and deploy the open
source version of WordPress in a sub-optimal and insecure way, but the same could be
said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software.
It is possible and actually not that hard to run WordPress in a way that is secure enough
for a bank, government site, media site, or anything.
If you wanted any help on this feel free to reach out to Automattic as well, we have a
decade of experience now dealing with high-risk, high-scale deployments, and also
addressing the sort of uninformed FUD you see in this thread.
Matt’s answer is Upvoted by some top developer including Yair Livne, Director of
Product Management at Quora, David Cole Director of Design at Quora, Joel
Lewenstein Product Designer at Quora.
Using WordPress To Build Website For Banks: WhatOther Developer Says
After reading many answer i found that most WordPress developers don’t like the idea
of using WordPress to build a website for Banks. There were many reasons. Let me
share some other popular answers.
L EO N I D S . K N YS H OV , JAVA S C R I P T D E V E LO P E R M O S T LY O N M E T EO RW R OT E
51.4k Views and 200+ up votes as of Feb 2016
Building a system that has access to customer bank accounts on top of WordPress is
just a spectacularly bad idea.
Please don’t do that. You can certainly run the bank’s blog on it on a physically separate
system, but anything that touches customer logins should not be built on that platform.
WordPress consists of:
Core
Theme
Plugins
While core’s security receives a lot of attention, that is not enough. It is so large and so
easy to extend incorrectly that attackers love exploiting it.
Further Read: How To Choose A Perfect Free Or Premium WordPress Theme
Most WordPress sites also use a WordPress theme and plugins. What most people don’t
realize is that the theme always contains PHP code and not just presentation styling.
There is insufficient attention paid to theme security with few exceptions.
WordPress plugins also receive insufficient attention for security with few exceptions.
As a result, an attacker can and will fingerprint and exploit your themes and plugins.
If you don’t wish to use themes and plugins, then you have no reason to use WordPress
and can choose a framework known for its security.
Writing bank account access as WordPress plugins does not make sense.
Petr Chloupek Views About Using WordPress ForBanking Websites
13k Views
I assume by website you mean really website, not an internet banking site. In that case
these scenarios exists elsewhere. First of all there should be some people with real
understanding of the computer security. You should talk to them.
You should strictly split the internet banking environment and your website
You should strictly split the internet banking environment and your website
environment (different networks). One definition of “security” is that the thing can’t be
used to other intend than the one which it was designed for and that you can’t limit its
functionality without authorization (like DOS attack).
This in general means that you should filter out people who want to overload the site
and that you want to disallow unauthorized changes and you should be able to detect
all changes.
You should be on https (obvious) with a valid certificate, behind the firewall, you should
have automated security tests, you should control network traffic and you should
control the system (be up to date, log both system changes and database changes to
some other system).
Make the file system read-only if possible and limit rights of the user under which the
web presentation runs. Cut out everything you don’t need (plugins etc).
Have procedures for any changes (limited set of people, one way of updating things, log
everything). Do all this in coordination with the security experts, there are plenty details
and it will take you years to know better than them.
Oscar Gonzalez, WordPress Expert
12.6k Views
I am a WP evangelist and 99% of the time and I think it is doable with WP. However, I
second Leonid S. Knyshov. Not because WP is bad inherently, but because if you’re
asking how to do that here, in Quora, you probably don’t have the resources to do it
right no matter what answer we give you.
If you are just building the front-facing, corporate site for the bank, then go for it.
Follow all standard security practices. Lock down admin areas, strong usernames &
passwords, get SSL certificates installed and minimize the use of plugins.
DO NOT place customer data or customer access here. The site should also be
physically served from outside of the bank’s network; it should not be in the same
server or internal network as any of the other bank’s systems.
A good place to start is by reviewing documentation and services from these guys:
Sucuri Security
Further Read: How To Recover Hacked WordPress Website?
Financial and Health sites are very sensitive and regardless of the platform, need a team
of people to execute them correctly.
Can you do it with WordPress? Sure, but you really need to get a strong security-
oriented developer, or developer team involved, along with the network security part of
the business, and business to be involved in this.
S O U R C E
Quora: I am powering a bank’s website using WordPress. What security measures
should I take?
What Do You Think
Now you have read what WordPress experts has to say? do you think it is a good idea to
create websites for banks with WordPress.
Share This:
Related:
35+ Type Of Websites You Can Create With WordPress
In "WordPress"
WordPress Parent and Child Theme Development Beginner Guide
In "WordPress Theme Development"
JustLearnWP.com
Tahir Taous WordPress build website
Ultimate guide: What is WordPress how does it work & who use it
In "WordPress"
/ / / /
/