I am building a website that needs to be HIPAA compliant and am wondering if using the WordPress $wpdb object for SQL is safe and secure? The $wpdb object would be working with PHI (Protected Health Information) so I want to make sure this will not be violating any regulations.
Would it be better to manually create SQL objects and make calls to external databases instead of using the $wpdb object? Is there even a big difference?
Let me know if there is a better way to get the SQL calls done securely. Thanks!
Note: This request is for a client that requires a HIPAA compliant website on WordPress, which is currently on Amazon EC2 and Amazon RDS (both HIPAA compliant platforms).
WordPress bashing or talks of its "history of vulnerabilities" is a biased opinion. Countless institutions and businesses have WordPress PHI solutions running right now.
Not sure why there are down votes without comments explaining why there is a down vote in the first place. Please explain your down votes. A solid answer to the actual question would be even better!
This past answer may confirm $wpdb is safe to use as long as it's done properly, though I'd like a second opinion please.
No articles I've seen online specifically reference the $wpdb object being used with PHI data, but for now I can assume it is a secure object from the link above.