|
Andreas
|
December 8, 2015 at 12:09 am
Hi,
Using EE4 on WordPress and also the Payment Gateway Stripe.
To my understanding the add-on for Stripe is using the function that makes it secure when customers enter their card information.
Also my site uses SSL in all communications with clients and also the communication with Stripe.
No card holder information is stored on my site. Not in EE nor on WordPress. In other terms it must mean that I am outsourcing all payment processing to a third party (Stripe) in my setup with EE, right?
If someone would happen to hack my site, there is no data about the card holders card stored at all. Only their full name, e-mail address, city and country.
My question is:
What do you recommend for other activities to secure my WordPress?
Any special plug-in to secure the site? LockDown is something I heard of.
Thank you very much!
Kind regards,
Andraes
|
|
Josh
|
December 8, 2015 at 8:53 am
Hi Andreas,
Since every site is different and use case has different needs, we cannot possibly give specific recommendations for plugins. We can give you some general recommendations for helping to keep your site secure:
1) Use SFTP instead of FTP
2) Keep WordPress and plugins up to date
3) Keep a good backup strategy
4) When adding new security plugins and after setting their configurations, please be sure to test Event Espresso and other plugins you may be using. For example there are otherwise excellent plugins that are designed to block spam and/or add a firewall, but if they are not configured correctly they has the potential to block the payment notifications from gateways like Stripe and PayPal.
5) You can follow the general guidelines here:
http://codex.wordpress.org/Hardening_WordPress
|
