SSL and/or Dedicated IP (4 posts)

Topic tags: dedicated IP, eCommerce, ssl, WP-ecommerce
  • Profile picture of Michael Sneed Michael Sneed said 1 year, 1 month ago:

    I’m working on an e-commerce site with WP-ecommerce. It’s not live yet… It provides a way to have a site where customers (or repeat customers) info, after registering I believe, would be accessible/kept on the site–e.g. credit card info, purchase history. The site I’m making won’t have people registering; yet, I noticed that info like name, address and phone number are filled out during checkout (currently non-secure) before being directed to PayPal (secure site) to pay.

    Any thoughts about filling out basic info on a non-encrypted site? Is that ok? Safe? Or should I go dedicated IP? SSL? Or both?

    Thanks, Michael

    #
  • Profile picture of D.K. Smith D.K. Smith said 1 year, 1 month ago:

    Go with the SSL and IP (you must have the IP to use the SLL, it’s not optional).

    You can buy the cheapest SSL, no need for anything more.

    You should also run your WP admin on the SLL.

    HIGHLY recommend you not store any credit card info on-site. Major liability that you want to avoid at all cost, plus meeting PCI compliance is not easy.

    Also, WP-Ecommerce sucks big time! Horrible support, among other issues.

    BTW, every month we clean up and secure hacked WP sites that used SiteLock. So don’t believe the hype, SiteLock does not stop WP from being hacked.

    #
  • Profile picture of Michael Sneed Michael Sneed said 1 year, 1 month ago:

    Thanks heaps D.K. for the help… much appreciated! Hope you speak at the WordCamp NYC this summer!

    #
  • Profile picture of D.K. Smith D.K. Smith said 1 year, 1 month ago:

    You’re welcome. I applied to present “WordPress Security: Beyond the Basics” at WordCamp NYC 2012. Ecommerce using WordPress (applications, etc) is part of the presentation.

    Hacking and exploits have gone far beyond the WordPress-Security-101 that you read around the web.

    Experience is the best teacher and we have now repaired and/or secured over 1,000 WordPress installations.

    #