Support

June 27, 2023 at 6:52 am

Hi there,

The collations aren’t set by Event Espresso when creating the tables, that’s done by WordPress itself and we basically just request it creates new tables for EE.

The above error means you have a mix of utf8mb4_unicode_520_ci and utf8mb4_unicode_ci within your tables. The quickest way to fix this is using a plugin like this:

https://en-gb.wordpress.org/plugins/database-collation-fix/

Note the first thing you should do BEFORE using the above is to create a full database back for your site just to be safe.

That plugin will convert your database to use all the same collations which prevents the above error.

June 27, 2023 at 7:48 am

Please explain in detail why you beleive the PayPal Commerce integration is less secure?

PayPal Commerce (checkout) is PayPals latest integration method. Our integration method with it does NOT handle card data with your own site, its done on PayPal’s server the same way Express does.

June 27, 2023 at 8:52 am

The verbiage that shows up says the Website is 100% responsible for PCI compliance as the processing will happen within the site.

The verbiage used is:

You are responsible for your own website security and Payment Card Industry Data Security Standards (PCI DSS) compliance.

Where does it state the processing will happen on the site itself? I’d like to check into that text.

None of that actually changes depending on your host and/or payment method integration used. I don’t have official figures for this but based on my own personal experience providing support, a large proportion of users aren’t even aware of PCI Compliance requirements and those that are somewhat familiar with it assume that EventEspresso.com is somehow handling their compliance for them. One of the reasons the notice was added was to try and make it clear that we have no responsibility for it in a short and concise manner.

PayPal Express – sends you off to PayPal site for the processing, then returns you (PayPal handles security). The site owner has to understand thier hosting, etc. because Many hosts are NOT PCI compliant no matter what levels you add to your website – So in theory the PayPal Express is good for those that can’t control their PCI status.

Regardless of host and payment method integration, the end user is still responsible for their own PCI Compliance. PayPal Express still requires SAQ-A, as does PayPal Commerce.

In my opinion, the PayPal Express payment method should also show that same notice because there is always a level of compliance required with all payment methods. Your correct that if they choose to use an onsite payment method such as PayPal Pro, hosting becomes much more involved (good luck getting compliance on shared hosting) but again that’s still the owner’s responsibility for compliance and not ours (which is what people assume).

The verbiage you provide I think could simply be worded better – helping them understand their choices better.

Sure, we can always improve and I’ll open a discussion internally to see what else we can do here.