
Security Best Practices

Security guidelines and best practices for protecting credentials and sensitive data in GSM Middleware.

Database Credential Protection

Issue Identified

Database connection credentials (host, database name, username) were previously displayed in plain text on the admin pages:

  • /wp-admin/admin.php?page=gsm-db-environments
  • /wp-admin/admin.php?page=gsm-middleware-settings

Security Risks

  1. Information Disclosure: Database connection details visible to all admin users
  2. Insider Threats: Not all admin users should have access to production database credentials
  3. Attack Surface: Exposed credentials provide attackers with target information
  4. Compliance Issues: Violates security best practices and potentially compliance requirements (PCI-DSS, HIPAA, etc.)

Solution Implemented

Database credentials are now masked by default with reveal buttons:

  • Host: Shows first 3 and last 2 characters (e.g., loc••••••st)
  • Database Name: Shows first 2 and last 2 characters (e.g., ta••••db)
  • Username: Shows first 2 and last 1 characters (e.g., ro••••t)
  • Password: Never displayed (already secure)

Security Features:

  • ✅ Credentials masked by default
  • ✅ Reveal button requires explicit click action
  • ✅ Auto-hide after 5 seconds
  • ✅ Visual indicator when revealed (green button)
  • ✅ Client-side only (no credentials sent to server when revealing)

1. Use wp-config.php Constants (Most Secure)

Store database credentials in wp-config.php instead of the database:

// Add to wp-config.php
define( 'GSM_DB_HOST', 'your-db-host' );
define( 'GSM_DB_NAME', 'your-db-name' );
define( 'GSM_DB_USER', 'your-db-user' );
define( 'GSM_DB_PASSWORD', 'your-db-password' );

Benefits:

  • Credentials not stored in database
  • Not accessible through WordPress admin
  • Can be excluded from version control
  • Better security isolation
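The following is an added example written for this page, not code from GSM Middleware: it resolves each credential from the wp-config.php constants above before falling back to a stored option, and builds the masked display values described under "Solution Implemented". The option name gsm_db_credentials, its array keys, and the gsm_example_* function names are assumptions. The masking also handles values too short for the first/last-character rules, which would otherwise reveal a two-character database name in full.

```php
<?php
// Added example, not GSM Middleware's own code. The option name
// 'gsm_db_credentials' and its array keys are assumptions.

/** Return one credential, preferring the wp-config.php constant. */
function gsm_example_get_credential( string $key ): string {
    $constants = array(
        'host'     => 'GSM_DB_HOST',
        'name'     => 'GSM_DB_NAME',
        'user'     => 'GSM_DB_USER',
        'password' => 'GSM_DB_PASSWORD',
    );
    if ( isset( $constants[ $key ] ) && defined( $constants[ $key ] ) ) {
        return (string) constant( $constants[ $key ] );
    }
    $stored = get_option( 'gsm_db_credentials', array() ); // assumed option
    return isset( $stored[ $key ] ) ? (string) $stored[ $key ] : '';
}

/**
 * Keep $lead leading and $trail trailing characters, mask the rest.
 * A value with nothing left to hide is masked completely rather than shown.
 */
function gsm_example_mask( string $value, int $lead, int $trail ): string {
    $len = mb_strlen( $value );
    if ( $len <= $lead + $trail ) {
        return str_repeat( '•', $len );
    }
    return mb_substr( $value, 0, $lead )
        . str_repeat( '•', $len - $lead - $trail )
        . mb_substr( $value, $len - $trail );
}

/** Masked values safe to render on the settings page; the password is omitted. */
function gsm_example_masked_credentials(): array {
    return array(
        'host' => gsm_example_mask( gsm_example_get_credential( 'host' ), 3, 2 ),
        'name' => gsm_example_mask( gsm_example_get_credential( 'name' ), 2, 2 ),
        'user' => gsm_example_mask( gsm_example_get_credential( 'user' ), 2, 1 ),
    );
}
```

Because the password never enters the returned array, a template that prints this array cannot leak it even by mistake.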

2. Restrict Admin Access

Limit who can access the GSM Middleware settings:

// Only allow specific users/roles
if ( ! current_user_can( 'manage_gsm_middleware' ) ) {
    wp_die( 'Insufficient permissions' );
}

Recommended Capabilities:

  • manage_gsm_middleware - For full middleware management
  • manage_options - WordPress administrator capability
  • Custom role with specific permissions
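An added example (not GSM Middleware's own code) showing how the manage_gsm_middleware capability above can be created, granted only to administrators, and enforced both by WordPress's menu registration and inside the page callback. The menu slug is taken from the admin URL quoted at the top of this page; the gsm_example_* function name and the nonce action name are assumptions.

```php
<?php
// Added example, not GSM Middleware's own code.

// On activation, give administrators the capability; no other role gets it,
// so the capability can later be handed to a narrower custom role if wanted.
register_activation_hook( __FILE__, function () {
    $role = get_role( 'administrator' );
    if ( $role ) {
        $role->add_cap( 'manage_gsm_middleware' );
    }
} );

// Registering the page with the capability makes WordPress hide the menu
// entry and refuse direct URL access for users who lack it.
add_action( 'admin_menu', function () {
    add_menu_page(
        'GSM Middleware Settings',   // page title
        'GSM Middleware',            // menu title
        'manage_gsm_middleware',     // required capability
        'gsm-middleware-settings',   // menu slug from the admin URL above
        'gsm_example_render_settings'
    );
} );

// Defence in depth: re-check the capability inside the callback and require
// a nonce on save, so a request that reaches the handler by another route
// (or a cross-site forged form post) is still rejected.
function gsm_example_render_settings() {
    if ( ! current_user_can( 'manage_gsm_middleware' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    if ( isset( $_POST['gsm_save'] ) ) {
        check_admin_referer( 'gsm_save_settings' ); // assumed nonce action
        // persist the submitted settings here
    }
    echo '<div class="wrap"><h1>GSM Middleware Settings</h1><form method="post">';
    wp_nonce_field( 'gsm_save_settings' );
    submit_button( 'Save', 'primary', 'gsm_save' );
    echo '</form></div>';
}
```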

3. Use Strong Database Passwords

  • Minimum 16 characters
  • Mix of uppercase, lowercase, numbers, special characters
  • Use password manager to generate and store
  • Rotate passwords regularly (every 90 days)

4. Database User Permissions

Create database users with minimal required permissions:

-- Create the account first: MySQL 8 no longer accepts IDENTIFIED BY inside GRANT
-- Read-only user for reporting
CREATE USER 'read_user'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT ON database_name.* TO 'read_user'@'localhost';

-- Limited permissions for application
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE ON database_name.* TO 'app_user'@'localhost';

-- Avoid GRANT ALL unless absolutely necessary

5. Network Security

  • Restrict Database Access: Only allow connections from application server IPs
  • Use SSL/TLS: Encrypt database connections
  • Firewall Rules: Limit MySQL port (3306) access
  • VPN/Private Network: Use private network for database connections

6. Audit Logging

Enable audit logging to track who accesses database credentials:

// Log credential access
add_action( 'gsm_middleware_credential_accessed', function( $user_id, $credential_type ) {
    error_log( sprintf(
        'User %d accessed %s credential at %s',
        $user_id,
        $credential_type,
        current_time( 'mysql' )
    ) );
}, 10, 2 );

7. Environment-Specific Credentials

Use different credentials for each environment:

  • Production: Strongest security, limited access
  • Staging: Similar to production but isolated
  • Development: Can be more relaxed but still secure
  • Local: Minimal security needed

8. Encryption at Rest

Ensure database credentials stored in WordPress database are encrypted:

  • Uses WordPress password hashing functions
  • Encrypted before storage
  • Decrypted only when needed

WordPress Security Checklist

  • Update WordPress core regularly
  • Update all plugins and themes
  • Use strong admin passwords
  • Enable two-factor authentication
  • Disable file editing in admin panel
  • Use security plugins (Wordfence, Sucuri)
  • Regular database backups
  • Implement rate limiting
  • Use HTTPS/SSL everywhere
  • Monitor error logs
  • Remove unused plugins/themes
  • Limit login attempts
  • Change default admin username
  • Use secure hosting provider

Compliance Considerations

PCI-DSS (Payment Card Industry)

If handling payment data:

  • Encrypt transmission of cardholder data
  • Restrict access to cardholder data
  • Regularly test security systems
  • Maintain information security policy

HIPAA (Healthcare)

If handling health information:

  • Access controls (user authentication)
  • Audit controls (track access)
  • Encryption and decryption
  • Automatic logoff

GDPR (Data Protection)

If handling EU user data:

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Integrity and confidentiality

Incident Response

If credentials are compromised:

  1. Immediate Actions:

    • Change all affected database passwords immediately
    • Review database access logs for unauthorized access
    • Check for malicious data modifications
  2. Investigation:

    • Determine how credentials were exposed
    • Identify affected systems and data
    • Document timeline of events
  3. Remediation:

    • Fix security vulnerability
    • Implement additional security controls
    • Update security policies and procedures
  4. Communication:

    • Notify affected stakeholders
    • Report to authorities if required
    • Document lessons learned

Security Contact

For security issues or concerns:

  • DO NOT open public GitHub issues for security vulnerabilities
  • Email: [email protected]
  • Use encrypted communication when possible

Additional Resources


Last Updated: March 16, 2026
Version: 1.0.0