Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Security

Diego Vogel
Diego Vogel
12,876 Points

Am I creating a back door for hackers?

Here's the situation. I have a static portfolio site that I've built from scratch with HTML/CSS/JS. Nothing fancy, just a projects page, about page, contact page. All the files are stored in the root directory, and within that root directory I have a folder that contains a WordPress multisite installation. This is where I will host client sites.

My portfolio site doesn't have any input fields or anything, just a static site where people can view my projects. But I haven't done anything to secure it.

I'm not too worried about the portfolio site itself, but my concern is this: would someone be able to hack through my portfolio site to the root directory and from there get into my WordPress multisite network? Am I creating a "back door" to the WordPress sites by having an unsecured site at the root level and the WordPress sites in a subdirectory? Or is WordPress secure from "both sides", if that makes sense. Thanks in advance for any advice on this.

1 Answer

Kevin Korte
Kevin Korte
28,149 Points

Hey Diego,

You should be fine, if you have no inputs, you really have no entry points. It's like having a house with no doors or windows, it's almost impossible to break in.

Just make sure the password to your hosting login is secure. Also, your wordpress site poses more of a threat then anything. Wordpress, being open source means would-be hackers are able to find holes in the source code, and use that exploit to act maliciously on your site. They also are able to know the exact database schema wordpress uses, so you must use a unique and ungessable database table prefix, and also make sure you set your salts in your wp_config, and keep your wordpress install update to date at all times, and you should be good to go.

Your simple portfolio site is the least of your problems.

Diego Vogel
Diego Vogel
12,876 Points

Kevin, thanks a lot for your input. And I appreciate the tips about WordPress.

I'm now considering having a contact form on my portfolio site by embedding a Google Form. I'm guessing the form would only communicate with Google servers... but would I be creating a door or window into my site?

Thanks, Diego

Kevin Korte
Kevin Korte
28,149 Points

No, you'll be fine. You are correct, a google form would communicate with google servers, not yours. And you can best be sure google has some of the best security on the internet.

Diego Vogel
Diego Vogel
12,876 Points

Cool. Thanks for your help!