Killersites Forums

Online stores and SSL, PCI etc



I'm returning to the idea of learning the ins and outs of an online store.


Since I last asked this question (ecommerce related) I have begun learning WordPress.

I noticed WP has a lot of plugins for ecommerce solutions. However after implementing eshop I realized it does not work with an SSL certificate. So I BELIEVE when purchasing products you are redirected away from the site to the payment gateway??? (not sure, but I assume is not a great idea)


So I'm now back to researching etc etc. and thinking those free wp plugins for ecommerce are not that great of a money saving idea. So I'm back to looking into shopify, Magento etc etc


My question is what things do I need to be concerned about with regard to security etc.


So far my searches have uncovered the following 3 things in terms of security etc.


1. Static IP


2. SSL Certificate


3. PCI Compliant.


Is there anything else I need to make sure is part of any ecommerce solution?

I think the free ecommerce solutions leave all three of those things up to the website designer to gather and implement. Is that correct? While sources like shopify, magento etc include all those functions and take care of it for you. (which is probably why they are not free ???)


Any suggestions as to the best, easiest, cost effective option for an ecommerce solution to work with wordpress?


Sorry for all the questions, any help is appreciated.




As far as I understand it, the security issues you pointed out above are primarily an issue during the payment portion of the shopping process -- primarily to ensure that credit card numbers can't be accessed by someone who isn't authorized. What many cart solutions do is redirect the payment portion of the process out to a different website (PayPal for example), and then redirect back once the payment is complete. This means that the payment processor deals with SSL certificates and being PCI compliant, and the ecommerce website doesn't have to worry about that. I personally don't have any problem with redirecting out to a separate website for payment (since this bypasses issues with SSL, PCI compliance, monthly fees to have a merchant account and to be able to accept payments online, etc.), but I realize it isn't an option for everyone, and it may be considered more professional to keep the entire shopping experience within the original website.


Keep in mind though -- all three things on your list are up to you to figure out and implement, whether you use a paid or free ecommerce solution (I'm assuming here that you aren't redirecting out to an external website for payment processing). These three items don't come automatically, even when using paid solutions. SSL and a static IP address are something you'd need to discuss with your host, and extra charges are involved (SSL is $100 a year or so, if I remember correctly) and the cost of a static IP depends on the host. These items can be used under Wordpress, you just either have to find an ecommerce solution that supports SSL, or you have to modify things so that checkout pages go to https:// pages rather than http://. PCI compliance, though I haven't looked into it in some time, is primarily about safely processing/storing credit card data. Whether you use a free or paid ecommerce solution, you're still responsible for making sure you are PCI compliant, and I would assume that the code of any reputable ecommerce solution would be PCI compliant (though it's up to you to make sure you are, and there's more to being PCI compliant than making sure the ecommerce software solution you are using doesn't store credit card information, or stores it securely).


If you're looking for a Wordpress cart solution, I'd suggest looking at Cart66 (http://cart66.com/). If I need to do another WP ecommerce project, that's the one I'd most likely be using. Shopp (https://shopplugin.net/) might be another option. Both are PCI compliant, work with a variety of payment gateways (so you can process payments directly on your website and not redirect out to an external payment site) and should allow you to work with SSL.


BEN, as always thanks for your help.


I took a look at Cart66 and all looks perfect. I am still doing a search for CONS to using it. Additionally I'm tallying the total costs of a PAYPAL style ecommerce solution (no SSL etc) VS Cart66 + SSL + static IP + Authorize.net fees etc.


Somewhere I read that it (Cart66) doesn't have catalog ability etc. I'm not sure what that's about since I never dealt with ecommerce, online stores, product entering etc. I guess I will have to ignore it and see if I understand what that's about after working with the system etc. and entering products. My guess is this first store I'm creating will probably have no more than 25-100 products, at least for a year or two. So maybe the catalog comment is moot. Here's the content from the site mentioning it. Most of the stuff is out of my league, i.e. loops & queries etc:


Con #2: Front-end


There is no way to build a catalog page. Using CPTs, presumably, you’d create a loop to find all of your product posts and display the title, description, image … and price? Since the price isn’t actually associated with the post (remember, it’s just a shortcode) there’s no way to query for that post’s price. You could create a custom field that required you to denote which product ID you are inserting into the post and then write a function to grab that product info.


Even a featured product widget can’t be done. I had to write a custom widget for the user to enter the post ID and product ID into the widget so that I could query first the post to get the title, description, and image, and then query the product so that I could get the price.




Separating the product data is a bad idea. Pricing, text, image, etc. should all be together. So like I said above, it’s good for a single product site. If all you need to do is add a Buy Now button for one product all over the place then it’ll work just fine, but don’t try selling a thousand products.





BTW what do you mean by this: (though it's up to you to make sure you are, and there's more to being PCI compliant than making sure the ecommerce software solution you are using doesn't store credit card information, or stores it securely)


Doesn't the issuer of the SSL and Authorize.net and Cart66 and the Hosting Co. (for static IP) handle anything to do with being PCI compliant. Do I need to read up on PCI stuff to make sure I know what's going on with it and what I need to do to avoid any legal problems for any online stores on?







Based on the comments above, it sounds like Cart66 may have too many limitations, and may not be a good fit. I'd hold off on buying that product and make sure to try out the free version for a while to make sure it will fit what you have in mind. If you can't automatically create product pages, and have to use shortcodes for everything, that does make it a significant pain to work with if you have more than a couple products. I'd suggest looking at Shopp in more detail. http://jigoshop.com/ might be worth a look as well.


BTW what do you mean by this: (though it's up to you to make sure you are, and there's more to being PCI compliant than making sure the ecommerce software solution you are using doesn't store credit card information, or stores it securely)


Doesn't the issuer of the SSL and Authorize.net and Cart66 and the Hosting Co. (for static IP) handle anything to do with being PCI compliant.

I believe there is more to being PCI compliant than expecting the host/software to handle all that for you. Definitely do your research and make sure there aren't other restrictions/expectations.


Ben in terms of the "catalog ability" con I searched.


Can you clarify if it means the following.


In Cart66 there's a products area. I enter each product, price, sku etc BUT NO DESCRIPTION. (mentioned later)


It looks like in the add new products area the products are just created WITHOUT any ordering. In other words I cannot create a product and file it under "clothing" instead I believe they are just listed all together when you create them.


Is that what is meant by "There is no way to build a catalog page"? I am trying to figure out what that comment means and how it may be a con as I move forward.



Also would it be better if the product entering section also included the description instead of adding the description by creating a page called say "blue hat" adding the description and dropping in the product ID shortcode created earlier. Is that part of the problem mentioned in my copy paste?


I'm trying to understand what the CONS are however since I have only briefly reviewed/tested a few WP ecommerce solutions I'm not really sure of the terms used (in the copy paste) and how I may want what they are saying it doesn't have.


The searched cons I pasted seem to be centered around QUERIES. Since I don't REALLY know (I have a slight understanding) what that is or why it's important I don't know why I need it.




If I understand the comments correctly, I think what's being said is that there isn't an automatic way to show a page that contains a list of all of the products. Yes, you can create individual products, but you'd need to build out a separate catalog page and use all of the shortcodes to generate a list. I imagine it's the same thing with product pages -- if you want a product page, you'll need to create it manually and add in the shortcodes. I haven't used Cart66 yet, so that's what I believe the comment means.


In my mind, that seems to be a pretty serious shortcoming if you have more than a couple products.


Ok I think I understand now. I planned to have to create the store using this system based off of the previews I have done of both Cart66 and some various WP plugins.


Create a Page called SHOP.

Then create a page for each category of products say for example one of them is CLOTHING


Then on the CLOTHING page (if I don't want to add any other divisions) I list all my clothing products with a description/thumbnail.

Clicking on the thumbnail or description brings you to EACH PRODUCT'S individual PAGE with the ADD TO CART button.


So we have: SHOP>CLOTHING>(which has thumbnail/descriptions to clothing products)>INDIVIDUAL PRODUCT PAGE (with the add to cart button etc)


So in my WP site all these products will have their own PAGE. So if I have 100 products I will end up having 100 PAGES for my online store (more or less)


So it seems there must be an easier way to do this using catalog pages etc that probably things like SHOPIFY etc (paid/monthly fee options) do MUCH easier.


I guess I will have to demo one of those premium shopping cart/ecommerce solutions to understand how it's easier/different.








Since I haven't used Cart66 personally, all I'm saying is you had better try things out and experiment before you commit to going with a specific solution.


If you're open to other ecommerce options, http://www.highwire.com/ might be worth a look. Again, not something that I used personally, but I did recommend it as a potential solution to a client of mine, and it looks like a good deal, both from the monthly cost/fees to the features and ease of use. But no, it doesn't run Wordpress.
