I'm working with a nonprofit that wants to use CiviCRM to process its donor, member, and patron personal information. Civi is CMS-based, and will only run via WordPress, Drupal, Joomla, etc.

Newb question: If I set up WordPress on localhost (on a single machine sharing wifi with other devices, but not sharing files), is that information just as secure as any other file on the computer (which is to say still vulnerable to malware and such, but generally safe from the network)?

I only have experience with WampServer. Are there other, more secure options, or settings I should be aware of? Other than limiting computer access to certain users who exercise caution (vetting downloads, no personal email, strong password enforcement/2FA, etc.), is there anything else I can do to ensure the security of our sensitive information?

  • 3
    Since you consider yourself a "noob", do you think you should be building a system that handles and stores sensitive personal and payment information? To me, this seems like a scandal waiting to happen. –  Jun 06 '20 at 19:42
  • 1
    Not payment information, but I get your point. That's why I'm trying to educate myself. Partly because I'm curious, and partly because if I'm not comfortable taking this direction after getting some insight, I can get back to the board and say "here's why". – Lynn Greene Jun 06 '20 at 19:54
  • It's good to understand when you're unable to perform a task given, and it should be possible for you to argue that you or perhaps the team you work in lacks the knowledge to implement such a system. A good approach would be to either hire someone who has the necessary skills or experiences, or hire someone who can teach your team these skills. (And I apologize if my comment before sounded condescending. After re-reading it I realized it could be considered such, but I assure you that wasn't my intention.) –  Jun 06 '20 at 23:39

0 Answers