I use WordPress as a platform to create commercial proposals. Most pages are commercial proposals built as one-page websites with a specific header.
There are currently 3 internal user levels on the platform:
• Administrator: can do everything
• Proposal admin: can manage proposals, templates and internal users (Proposal admin, Proposal editor).
• Proposal editor: can manage proposals
So the steps to create a proposal at the moment are:
1. Create a client: in the client layout in the admin menu, we create a client by adding some information: name, market segment, logo.
2. Create a proposal with Beaver Builder for the design, adding some information on the proposal page such as: activity area, opportunity ID, coordinator…
3. Publish the proposal and protect the page with a password.
This process works but is not secure enough, because the proposals are only protected by a password. So we have no way to prevent brute-force attacks, to track bad actors trying to connect to the proposals on the platform, or to get statistics about proposal consultation.
THE NEED 1:
The idea is:
First: to have named accounts for external consumers («CLIENTS») on the platform. Each individual must have their own credentials, so the protection will be better.
Second: assign each proposal to one or multiple external consumer accounts.
So if we type the correct proposal URL in the browser, we are redirected to the login page. After logging in with the correct external consumer ID, we are redirected to the external proposal.
If we type a bad URL: 404 page.
Also, if we type a correct proposal URL but are not logged in with a valid external consumer account assigned to that proposal page in the back office, we are redirected to the 404 page.
THE NEED 2:
We need to forbid the upload of files with EICAR signatures to the server and the WordPress platform.
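One way to implement the access rules of Need 1 as a small WordPress plugin; this is an added example, not code from the platform described above. It assumes proposals are a custom post type with the hypothetical slug `proposal` and that the assigned external consumer user IDs are stored as repeated post meta rows under the hypothetical key `_assigned_consumers`.

```php
<?php
/**
 * Added example: per-account access control for proposal pages.
 * Assumptions (not from the original brief): post type slug 'proposal',
 * meta key '_assigned_consumers' holding one user ID per meta row.
 */
const PROPOSAL_POST_TYPE = 'proposal';            // assumed post type slug
const ASSIGNED_META_KEY  = '_assigned_consumers'; // assumed meta key

/** Pure decision function: returns 'allow', 'login' or '404'. */
function proposal_access_decision( $is_logged_in, $user_id, array $assigned_ids, $is_staff ) {
    if ( ! $is_logged_in ) {
        return 'login'; // valid proposal URL, anonymous visitor
    }
    if ( $is_staff ) {
        return 'allow'; // internal users who can edit this proposal
    }
    // Strict integer comparison so '12abc' never matches user 12.
    $assigned = array_map( 'intval', $assigned_ids );
    return in_array( (int) $user_id, $assigned, true ) ? 'allow' : '404';
}

add_action( 'template_redirect', function () {
    if ( ! is_singular( PROPOSAL_POST_TYPE ) ) {
        return; // unknown URLs already resolve to the normal WordPress 404
    }
    $post_id  = get_queried_object_id();
    $decision = proposal_access_decision(
        is_user_logged_in(),
        get_current_user_id(),
        get_post_meta( $post_id, ASSIGNED_META_KEY, false ),
        current_user_can( 'edit_post', $post_id )
    );
    if ( 'login' === $decision ) {
        auth_redirect(); // redirects to the login page, returns here after login
    }
    if ( '404' === $decision ) {
        global $wp_query;
        $wp_query->set_404();   // render as "not found", not "forbidden"
        status_header( 404 );
        nocache_headers();      // keep caches from storing the response
        $template = get_404_template();
        if ( $template ) {
            include $template;
        }
        exit;
    }
} );
```

`template_redirect` only covers front-end page rendering, so the same post type also has to be kept out of the REST API, feeds and search results. Failed logins can be counted and logged from the core `wp_login_failed` action to cover the brute-force and tracking requirements.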