Thread: Tech Security Questions
10-26-2017, 03:48 AM
Barry-xlovecam
It's 42
Join Date: Jun 2010
Location: Global
Posts: 18,083
If you are going to use WordPress you need to refer all data entry and payments to the processor's server. The processor's server will return your customers to your success and acknowledgement page.

If you can do this with an API that is a TLS (HTTPS) post it is probably OK, but make it clear on the page that "this website does not store your credit card data". I would store all the customer personal data outside of the document root so that the webserver and PHP would hopefully not give it up on the public internet to an exploit -- you really need a dedicated or a good VPS server to do this right.

WordPress security is an oxymoron when dealing with e-commerce payments.
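One way to apply the "outside of the document root" advice from the post above in PHP, as an added example that is not part of the original post. The directory layout, function names and record field names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed layout (hypothetical paths): web root at /var/www/site/public,
// customer records at /var/www/site/private/customers.

/** True when $dir resolves (symlinks followed) to a location outside $docRoot. */
function is_outside_docroot(string $dir, string $docRoot): bool
{
    $dirReal  = realpath($dir);
    $rootReal = realpath($docRoot);
    if ($dirReal === false || $rootReal === false) {
        return false; // unresolvable paths are treated as unsafe
    }
    $rootReal = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $dirReal  = rtrim($dirReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($dirReal, $rootReal, strlen($rootReal)) !== 0;
}

/** Writes one customer record as JSON, refusing any directory the web server can serve. */
function store_customer_record(string $dataDir, string $docRoot, array $record): string
{
    if (!is_dir($dataDir) && !mkdir($dataDir, 0700, true)) {
        throw new RuntimeException('cannot create data directory');
    }
    if (!is_outside_docroot($dataDir, $docRoot)) {
        throw new RuntimeException('data directory is inside the document root');
    }
    // Hypothetical field names: card data stays on the processor's server, never here.
    unset($record['card_number'], $record['cvv'], $record['expiry']);

    $path = $dataDir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.json';
    $old  = umask(0077); // new file is readable by its owner only
    $ok   = file_put_contents($path, json_encode($record, JSON_THROW_ON_ERROR), LOCK_EX);
    umask($old);
    if ($ok === false) {
        throw new RuntimeException('write failed');
    }
    return $path;
}

// Constructed demo: temp directories stand in for the real paths.
$base = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0755, true);
echo store_customer_record("$base/private/customers", "$base/public",
    ['name' => 'Test Customer', 'email' => 'test@example.com', 'card_number' => 'x']), PHP_EOL;
```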