The M&S Archive
We were commissioned to design, specify, and build a bespoke WordPress-based website to provide a visitor interface for the historic collection of documents, photographs, artefacts, and digital assets housed in the M&S Archive.
We worked with the M&S Archive team in a collaborative process, with an extended development period, to ensure that the website adhered to the company-wide cyber security policies of Marks and Spencer Group plc. The website was secured comprehensively following the OWASP guidelines. We enhanced WordPress session security, improved password policies, and prevented the information leakages a standard WordPress installation would have left them vulnerable to.
The OWASP practises are typically applied to large, high-risk web-based applications. In this case we implemented them due to the value of the M&S brand. Without further hardening, WordPress fails to meet many standards within the OWASP secure coding practices. And off-the-shelf plugins simply cannot cover all best practices, so we developed bespoke security enhancements to satisfy the standards exactly.
The result was an elegant website which is fast, accessible, and easy to use. Beneath that sits a system that is compliant to the highest level of cyber security attainable within WordPress development. This gave the M&S Archive peace of mind that their brand reputation, and the trust of their millions of customers would be protected.
Learn more about The M&S Archive