I've been setting up a site that will process payments. Some are processed via APIs that handle it on their side. Nothing is retained by me.
Others have APIs that process on my site but nothing is stored.
The offsite processing will have buttons on an http page, like htttp:// www. .com/payment space php (intentional space). It runs a php script.
From my site, the button goes to https://www.otherdomain.com/index.php. The API code will be there. It runs WordPress but just the index page and directories/payment1, /payment2 with payment.php page. One file only.
I'll use reCAPTCHA on both and security plugins on WordPress. But -- beside .htaccess, what security scripts can I run to keep the main domain secure? Nothing confidential there but for normal stuff. No payment info at all.
The https is required by the banks but doesn't guarantee security, I know that. Hacking will just frustrate me and I'll back up every twelve hours, just in case. But I'd like to lock down both sites as tight as possible.
I know WordPress can be risky but it's just a gateway. 3/4 pages to replace if hacked with just API code. The other script isn't popular and I'll set up the db to save hourly if possible.
Am I covering all bases? Security suggestions? What am I overlooking?
Thanks. Hope I didn't leave anything out. I don't want to skip things and when hacked, yell at myself for not thinking about it.
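As an added illustration (not the poster's code) of the kind of request guard the payment.php page described above could start with: it refuses plain-HTTP requests, requires POST with a per-session CSRF token issued by index.php on the same domain, and verifies the reCAPTCHA token server-side. It assumes PHP 7.4+ with sessions, the reCAPTCHA secret in the environment variable RECAPTCHA_SECRET, and form fields named `csrf_token` and `g-recaptcha-response` (all assumptions, not from the post).

```php
<?php
// Added example, not the poster's code. Assumes PHP sessions, the reCAPTCHA secret
// in env var RECAPTCHA_SECRET, and form fields `csrf_token` and `g-recaptcha-response`.
declare(strict_types=1);
session_start();
function require_https(): void {
    // Reject rather than redirect: a payment POST must never have travelled in the clear.
    $https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (int)($_SERVER['SERVER_PORT'] ?? 0) === 443;
    if (!$https) {
        http_response_code(403);
        exit('HTTPS required');
    }
}
// Called by the form page (index.php on the same domain) to embed a per-session token.
function csrf_token(): string {
    return $_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
}
function verify_csrf(?string $submitted): bool {
    // hash_equals() gives a constant-time comparison of the stored and submitted tokens.
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}
function verify_recaptcha(string $response, string $secret): bool {
    // The client widget alone proves nothing: the form can be posted directly, so
    // the token must be checked server-side against Google's siteverify endpoint.
    if ($response === '' || $secret === '') {
        return false;
    }
    $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['secret' => $secret, 'response' => $response]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    $json = is_string($body) ? json_decode($body, true) : null;
    return is_array($json) && ($json['success'] ?? false) === true;
}
require_https();
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !verify_csrf($_POST['csrf_token'] ?? null)
    || !verify_recaptcha((string)($_POST['g-recaptcha-response'] ?? ''), (string)getenv('RECAPTCHA_SECRET'))) {
    http_response_code(403);
    exit('Request rejected');
}
// Only now hand the request to the payment provider's API; nothing is stored locally.
```

Because the buttons on the main site sit on a plain-http page, a network attacker can rewrite where they point before the visitor ever reaches the https domain, so serving that button page over https too (and sending an HSTS header) closes a gap this guard cannot.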