So you want to take payments on your website? But you don’t want to hand over payment collection to PayPal or Stripe? You really want the responsibility of handling people’s credit card details? I’d strongly advise against it, but if you really must, read on…

PCI Compliance

All people handling card payments must be PCI compliant. The full term is Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an information security standard for organizations that handle branded credit cards.
It’s one of the oldest tricks in the book. “I know what you’ve been up to. Leave £50 in used notes in a plain brown paper envelope behind the pipes in the men’s cloakroom on Shrewsbury station and we’ll say no more about it. If you don’t then I’ll tell all your friends and colleagues just what you’ve been doing.” Here’s an email I got recently, apparently from M****lle D***s (aussie********@yahoo.
Google’s browser is to issue security warnings on non-SSL sites. It’s for our own good and we’ll have to jolly well get used to it and learn to be grateful. Google are only doing this because they love us and they know what’s best. At least that’s how I read this latest innovation designed to educate and inform our browsing habits. But surely secure browsing is a good thing?
If you’ve read any of my previous outpourings you’ll have noticed the constant refrain of “Update early, update often.” Especially with web-facing software. Out there on the Internet an army of malicious beings waits to exploit a chink in your armour for their own nefarious purposes. Whether to spread smut, viruses or to drain the bank accounts of innocents, it’s a rough world out there. The teeming mass of malefactors will not hesitate to take advantage.
Never being ones to let the grass grow under their feet, jewelion.com has had an SSL certificate for a long time now. More years than we care to remember. Right from the start when we first started hosting eCommerce sites we decided that SSL was A Good Thing™. Back then each SSL protected site had to have its own IP address - due to the way the https protocol then worked.
The relentless march of WordPress improvements carries on. Yesterday (16th November 2017) we were greeted with the good news that those awfully nice WordPress people have an update for us: 4.9 “Tipton”, no less. Tipton is named after jazz musician and band leader Billy Tipton. The increase in number from 4.8.x to 4.9 indicates that this is a pretty important release, introducing major new functionality rather than addressing bugs or blocking security holes.
As sure as winter follows summer, here comes another WordPress upgrade. I’ve just received emails from the sites I run to say that WordPress 4.8.3 is now the recommended version. It looks to be a pretty important update - billed as a security release. The advisory page says: “we strongly encourage you to update your sites immediately”. That’s WordPress code for “We’re probably aware of something nasty wrong in the old versions and if you don’t get your site(s) updated / patched don’t blame us if someone or something nasty gets into your site!
Privacy, or lack of it on the internet and our daily lives, is hotly debated. Ironically, those very organisations which profit from analysing our online activities are the most vocal in the promotion of techniques to prevent people’s browsing habits from being exposed. Google is actively encouraging the use of SSL across all websites. This is not the appropriate blog post to investigate or query their motivations - rather we’ll look at the practical use of SSL (the little padlock) in securing your website and making your visitors feel safe.