CIA triad in the WordPress and WooCommerce security perspective

January 12, 2019
cia-triad-in-the-wordpress-and-woocommerce-security-perspective Theme Builder Layout

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all information security models. Confidentiality, integrity, and availability are crucial to ensuring the security of information and information systems. Each of three CIA triad parts is essential, and this model can’t work correctly guaranteeing the security of information and information systems if at least one piece fails. Let’s see how unique these three components are and what role they play.

CIA triad #1 – Confidentiality

Confidentiality is a necessary measure to control the security of information and information systems. It can directly affect other parts of the CIA triad. The first explanation would be that the information must be accessible only to those who have the right to access that information. You may have heard about the Principle of Least Privilege (POLP), it states that information system user must be able to access only the information that is necessary for regular use of the system and legitimate purpose.

Confidentiality and the Principle of Least Privilege are used basically in all information systems. For example, WordPress can have various users with various rights. It guarantees two things: a) that each user has its own personalized account that only he could access and manage b) that each user can access only the information which he is allowed to access.

Confidentiality must also ensure that other sensitive information is hidden. Just imagine what could go wrong if your WordPress configuration file, database or even PHP information becomes visible to everyone. It will make the potential attacker make the reconnaissance easier and allows almost to skip the first “cyber kill chain” step since he can get the primary information needed for the attack without making deeper and time-consuming research. Proper limitation of the availability of information can protect you from potential cyber attacks.

CIA triad #2 – Integrity

Data is only valuable if it is correct and unchanged. Data integrity means that information is not altered in any way by an unauthorized person. We have a great example, imagine that you have one million dollars on your bank account and someone managed to change the records in the bank database and reduced your savings to only one dollar just by deleting several symbols. We can safely say that data integrity is the cornerstone for the reliability of data and information systems.

Smallest changes could make a massive impact on information and work of the information systems. For example, you have a WooCommerce based online store, someone managed to change the price of some product on your shop from 99 USD to 9 USD, one deleted symbol makes such a huge difference and could generate huge loses for your business.

Don’t think that you need to ensure only database information integrity. The integrity of your WordPress and WooCommerce or any other software source code is highly important. Altered software source code also could lead to huge problems, changes can be made by hackers to inject the malware or other unwanted software like keyloggers, shells and similar just to gain access to your system, data and user activity by stealing their credit card numbers, account passwords and more.

In summary, ensuring data integrity guarantees system reliability, and data integrity control allows you to identify potential intrusion into your system.

CIA triad #3 – Availability

It is important to make sure that the information and information system is accessible to the authorized user or viewer at all times. Some of the attacks like Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks used by hackers to make your information system and its information inaccessible to users and viewers. It’s quite a prominent topic and problem. However, there are a dozen various measures like Web Application Firewall (WAF), Content Delivery Networks (CDN) and other that can protect your WordPress site or WooCommerce store from such types of attacks.

Availability also means that your information system and information must be accessible regarding acceptable user experience. It means that if you apply such security measures that will ultimately ruin user experience and the access to the data by asking users to pass a lot of security steps, it will be considered by users as almost unavailable and inaccessible.


CIA triad is an excellent example of how you can evaluate and harden the security of your WordPress sites and WooCommerce stores. These three parts of the triad depend on each other and provide a solid foundation for the protection of your information and information system. Each measure can reduce the likelihood of a successful attack. Just remember that excessive use of security measures may make your information or information system unavailable to your users.

Share this article:

eHost-square-ad Theme Builder Layout

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:


Related Posts

wordpress-5-3-kirk Theme Builder Layout

WordPress 5.3 “Kirk”

Introducing our most refined user experience with the improved block editor in WordPress 5.3! Named “Kirk” in honour of jazz...

igniteup-3-4-1-multiple-issues Theme Builder Layout

IgniteUp < 3.4.1 – Multiple Issues

All issues can be triggered by unauthenticated users: - Arbitrary File Deletion - HTML injection & CSRF in email messages - Stored Cross-Site Scripting - Disclosure of subscribers' email address - Arbitrary subscriber deletion - Arbitrary plugin’s template...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.