diff --git a/app/controllers/sites_controller.rb b/app/controllers/sites_controller.rb
--- a/app/controllers/sites_controller.rb
+++ b/app/controllers/sites_controller.rb
@@ -65,7 +65,7 @@
     @site.clear_start_time_if_not_started
 
     respond_to do |format|
-      if @site.update_attributes(params[:site])
+      if @site.update_attributes(site_params)
         flash[:notice] = 'Site was successfully updated.'
         format.html { redirect_to(@site) }
         format.xml  { head :ok }
@@ -88,4 +88,10 @@
     end
   end
 
+  private
+
+    def site_params
+      params.require(:site).permit(:name,:started,:start_time,:country_id,:password)
+    end
+
 end