
Security Questions

Posted: December 20, 2013 at 1:22 pm


Angela Haddon

December 20, 2013 at 1:22 pm

Hi, I have two pretty general security questions:

1. I notice that links for event tickets, account details, and invoices are sent to the attendee via email, and that these links do not require any login to access, i.e. they are publicly available. Given that the invoice includes sensitive information such as attendee name, email, and the particular event they wish to attend, is this a security risk? I assume these are temporary links that aren’t indexed, but I just wanted to check the security implications.

2. If my client processes all payments through third-party sites, would you still recommend forcing an SSL connection for the Registration Page & Shopping Cart (i.e. is it advisable that she purchase an SSL certificate for these pages), or would that be overkill?

I really appreciate your help in this matter!


Garth

  • Support Staff

December 21, 2013 at 12:19 am

Hi Angela,

How are you today?

1) Those links are not indexed and generally very unique.
2) If by third-party websites you mean an off-site payment gateway then you do not need an SSL. If you plan to process payments with an on-site gateway then an SSL certificate is highly recommended.


Angela Haddon

December 22, 2013 at 2:54 pm

Hi Garth, and thanks for that information; just wanted to be sure. The payments will be processed off-site, so that’s not an issue. However, do you find that there is any kind of issue with spamming on the registration page? Would you advise adding reCaptcha or similar? Thanks again, and Merry Christmas!


Dean

December 23, 2013 at 2:18 am

Hi,

Some users get more spam than others. The reCAPTCHA system is available (General Settings) and will help reduce bot spam, but for the increasingly common human spam there is little defence.

If you are suffering from spam registrations then try reCAPTCHA and see if it helps.

If it doesn’t help, you could try something like http://wordpress.org/plugins/better-wp-security/ or even start blocking IP addresses (in blocks if necessary).


Angela Haddon

December 27, 2013 at 12:03 pm

Hi Dean – thanks for that; much appreciated!

The support post ‘Security Questions’ is closed to new replies.
