The WordPress CMS platform is intended to host public-facing content and files. Learn more about privacy, passwords and the collection of personal information on digital channels.
There is no way to make a file on the CMS system private or password protected, and sites should avoid hosting files that should not be publicly available. If a file is uploaded to the CMS service, anyone with the URL of that file can download it without any authentication.
Unlike files, individual pages can be password-protected on the CMS service. A password must be set for each page in order for that content to be made non-public. Any user who does not have the password cannot access the content. However, since a password can be easily shared from one person to another, it’s highly recommended that sensitive content not be hosted on the CMS service.
If a file or pages need to be private or available to a smaller audience, we recommend using a different service to host such files/content. A team site on MedNet may be an ideal solution if the files are intended for an audience internal to the Faculty of Medicine. If you have questions about MedNet team sites, please contact
Collection of Personal Information
All websites that collect personal information through forms or other means must include a standard privacy notification, as per requirements from the University Counsel Privacy Office. The privacy notification must include a contact email address. In addition, all personal information that has been collected must be retained for a minimum of one year.
A privacy notification can be modeled on the following:
Your personal information is collected under the authority of section 26(c) of the Freedom of Information and Protection of Privacy Act (FIPPA). This information will be used for the purpose of [UNIT NAME]. Questions about the collection of this information may be directed to [EMAIL].
For more information see: