Connecting your grid and your website with w4os plugin does not add security flaws. Here are some important considerations to make sure to optimize the security of your structure.
- Make sure to always use the latest WordPress release, and always allow SSL protocol only (both general rules for any CMS actually)
- Make sure to protect the access to your database (a general rule too), use firewall and database server rules to allow access only from your simulator and your website.
- WordPress as some internal protections, but a security plugin is highly recommended, like the free version of WordFence, which adds an excellent protection layer with a firewall and efficient intrusion attempts detection.
- Only your own WordPress site gets direct access to the grid database through its local w4os plugin.
- Our websites (w4os.org and 2do.directory) do not access your OpenSimulator database, nor the private ports of your OpenSimulator services.
- w4os.org does not collect any data at all
- If you opt for 2do.directory shared search engine, only the public data required for the search are sent by your server, with the standard features of OpenSimulator, to the directory service (regions name, address, description, events dates and location…).
- Grid and simulator data received or collected by the plugin are passed through filters to make sure they contains no hidden rogue instructions that could compromise the website security.
Always keep in mind, to be honest, that in the current state of OpenSimulator, your grid itself is the weak link in a grid/website pair… Enabling SSL on the grid and the simulators will already improve security, but will not make it absolute.