{"id":342,"date":"2021-04-20T13:51:34","date_gmt":"2021-04-20T13:51:34","guid":{"rendered":"https:\/\/inserm.xyz\/kb\/?p=342"},"modified":"2024-09-05T14:05:10","modified_gmt":"2024-09-05T14:05:10","slug":"securite-du-site","status":"publish","type":"post","link":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342","title":{"rendered":"Site security"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">This article explains the measures taken to keep the site secure. It mainly covers the measures the web team can act on itself; actions that fall to ATOS or the DSI are only mentioned in passing.<\/p>\n\n\n\n<nav aria-label=\"Table of contents\" class=\"wp-block-table-of-contents\"><ol><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#hebergeur\">Hosting provider<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#headers-de-securite\">Security headers<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#processus-de-mises-\u00e0-jour\">WordPress updates<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#mise-\u00e0-jour-plugins\">Plugin updates<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#mise-\u00e0-jour-th\u00e8me\">Theme updates<\/a><\/li><li><a class=\"wp-block-table-of-contents__entry\" href=\"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/?p=342#renforcement-du-site\">Site hardening<\/a><\/li><\/ol><\/nav>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"hebergeur\">Hosting provider<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Server security and backups are handled by the hosting provider, Hosterra. There is nothing for us to do at that level: for us, everything happens inside WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"headers-de-securite\">Security headers<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We use the <a href=\"https:\/\/fr.wordpress.org\/plugins\/headers-security-advanced-hsts-wp\/\">Headers Security Advanced &amp; HSTS WP<\/a> plugin to generate the headers, even though we do not really understand them. We test the headers with:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/securityheaders.com\">https:\/\/securityheaders.com<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"processus-de-mises-\u00e0-jour\">WordPress updates<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security<\/strong> updates: applied automatically by the site itself<\/li>\n\n\n\n<li><strong>Standard<\/strong> updates: applied by an Inserm administrator<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The process is as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Align staging with production<\/li>\n\n\n\n<li>Update WordPress<\/li>\n\n\n\n<li>Check that everything still works<\/li>\n\n\n\n<li>If not:\n<ul class=\"wp-block-list\">\n<li>note what is broken,<\/li>\n\n\n\n<li>update the remaining plugins to see whether that resolves the problem,<\/li>\n\n\n\n<li>plan the fixes if needed<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Replicate the update in production<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"mise-\u00e0-jour-plugins\">Plugin updates<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security<\/strong> updates: following a CVE, an Inserm admin applies the update<\/li>\n\n\n\n<li><strong>Standard<\/strong> updates: in batches, depending on current activity<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The process is as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Identify the active version of the plugin<\/li>\n\n\n\n<li>Read the release notes up to the most recent version<\/li>\n\n\n\n<li>Decide whether the update is urgent or not<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">For several plugins:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Update the backend plugins that have no impact on the front end<\/li>\n\n\n\n<li>Then the backend plugins that affect the site structure (ACF)<\/li>\n\n\n\n<li>Finish with the frontend plugins, the most important ones first<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"mise-\u00e0-jour-th\u00e8me\">Theme updates<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">ATOS handles these, following our change requests.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"renforcement-du-site\">Site hardening<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We block user enumeration and restrict logins to the site (for example, logins using <code>admin<\/code> as the username).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article explains the measures taken to keep the site secure. It mainly covers the measures the web team can act on itself; actions that fall to ATOS or the DSI are only mentioned in passing. Hosting provider Server security and backups are handled by the hosting provider, Hosterra. There is nothing for us to do at that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_analysis_target_kw":"","_crdt_document":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-342","post","type-post","status-publish","format-standard","hentry","category-admin"],"_links":{"self":[{"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/posts\/342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=342"}],"version-history":[{"count":16,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/posts\/342\/revisions"}],"predecessor-version":[{"id":825,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=\/wp\/v2\/posts\/342\/revisions\/825"}],"wp:attachment":[{"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress-kb.test.inserm.cloud-ed.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}