One of the requirements is that the admin login has 2FA set up; however, the process must not show which login item was incorrect if entered wrong.
For example, let's say I were to enter my username or password incorrectly; the login process would still allow me to move on to the 2FA step. If I entered the 2FA code correctly (or incorrectly), it would throw me back to the username/password screen without telling me which piece of information I entered incorrectly.
Likewise, if I were to enter the username and password correctly but the 2FA code incorrectly, the process would still throw me back to the beginning without hinting at which piece of information was wrong.
Is this something that the plugin will be able to do soon? I inquired about a year ago regarding it and was told it would be added soon, but I haven't seen an update for it as of yet.
Thank you!
____
11.6.1 A change- and tamper-detection mechanism is deployed as follows:
To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser.
The mechanism functions are performed as follows:
____
In addition to this, I also need to implement a Content Security Policy or Subresource Integrity.
Are either of these a feature that the BulletProof Security Plugin can help with?
Thank you!
One of the requirements is that the admin login has 2FA set up; however, the process must not show which login item was incorrect if entered wrong.
For example, let's say I were to enter my username or password incorrectly; the login process would still allow me to move on to the 2FA step. If I entered the 2FA code correctly (or incorrectly), it would throw me back to the username/password screen without telling me which piece of information I entered incorrectly.
Likewise, if I were to enter the username and password correctly but the 2FA code incorrectly, the process would still throw me back to the beginning without hinting at which piece of information was wrong.
Is this something that your plugin can do? If not, is it something that may be added in the future as the PCI compliance rules come into effect?
Thank you!
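Both posts above describe the same login flow: the first screen always advances to the 2FA screen, and a failure of either factor sends the user back to the start with one generic message. As an added example (my own code, not the plugin's), the block below implements that flow in Python with a server-side pending-login record, a constant-time password comparison, an RFC 6238 TOTP check, and a single-use login token. The user record, salt and password are constructed for the demo; the TOTP secret is the RFC 6238 reference test key, which keeps the expected code predictable.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Constructed demo user store; salt, password and TOTP secret are made up for
# this example (the TOTP secret is the RFC 6238 reference test-vector key).
_SALT = b"example-salt-not-for-production"


def hash_password(password: str) -> bytes:
    """PBKDF2-SHA256; a fixed salt keeps the demo deterministic."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {
    "admin": {
        "pw_hash": hash_password("correct horse battery staple"),
        "totp_secret": b"12345678901234567890",
    },
}
# Stand-ins used for unknown usernames so the work done (and therefore the
# response time) does not differ between a valid and an invalid username.
_DUMMY_HASH = hash_password("dummy")
_DUMMY_SECRET = b"00000000000000000000"

# One message for every failure: wrong username, wrong password, wrong code,
# or a stale/unknown login token all look identical to the client.
LOGIN_FAILED = "Login failed. Check your username, password and authentication code."

# Server-side state for logins that have passed the first screen: token -> state
PENDING = {}


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step, dynamic truncation)."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def begin_login(username: str, password: str) -> str:
    """First screen. Always returns a token and advances to the 2FA screen,
    whether or not the username/password pair was right; the outcome is
    remembered server-side only."""
    user = USERS.get(username)
    stored = user["pw_hash"] if user else _DUMMY_HASH
    password_ok = hmac.compare_digest(stored, hash_password(password)) and user is not None
    token = secrets.token_urlsafe(32)
    PENDING[token] = {"username": username, "password_ok": password_ok}
    return token


def complete_login(token: str, otp_code: str, now=None):
    """Second screen. The stored password result is combined with the OTP
    result only here, so the client never learns which factor was wrong."""
    state = PENDING.pop(token, None)  # single use: a replayed token fails
    if state is None:
        return False, LOGIN_FAILED
    user = USERS.get(state["username"])
    secret = user["totp_secret"] if user else _DUMMY_SECRET
    expected = totp(secret, time.time() if now is None else now)
    otp_ok = hmac.compare_digest(expected.encode(), otp_code.encode())
    if state["password_ok"] and otp_ok:
        return True, f"Welcome, {state['username']}"
    return False, LOGIN_FAILED


if __name__ == "__main__":
    t = begin_login("admin", "wrong password")
    print(complete_login(t, totp(USERS["admin"]["totp_secret"], time.time())))
```

The pending record should expire after a short window and the whole flow still needs rate limiting per account and per source address, since hiding which factor failed does not by itself stop brute force on the six-digit code.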
It really helps people and tiny businesses; the larger ones can then also happily get the administration PRO version.
Now, regarding the PRO version.
As we know – unless it has changed – one does not need PCI accreditation because PayPal buttons are handled directly by PayPal and there is no involvement with the website where they come from, there being no basket or checkout hosted on the originating site.
But… if one goes for the PRO version (I do not need it at present, but possibly in the future) it adds PayPal administration etc. and at this point I guess one might be forced to get PCI accreditation, right?
Because we handle people's data – even though we do not handle card data.
… or maybe it is only a ICO.org thing (in UK) and not PCI?
Since admin I guess does not deal with Card details?
Regards
M
Do payments processed by NMI Gateway For WooCommerce go directly to the merchant processor? Or do they pass through the website's host server first?
Your earliest response will be greatly appreciated.
Thank you!
Roger
We are trying out your plugin and want to know whether we will be required to do additional work in order to be PCI compliant.
We are looking to set up something fairly simple/basic and plan to only use the “Offline Donations” and “PayPal Donations” options on our site.
With this setup, do you think we will need to take steps to become officially PCI compliant?
After reading your article, we have the following concerns:
So what I'm asking is: is the code for this plugin made in a way that conforms to the newest PCI card standards for websites?
Is there a chance that processing from my website and this plugin could trigger a PCI review?
Thank you so much.
I need help trying to determine how to correct this fail, "Cookie Does Not Contain The "HTTPOnly" Attribute", while trying to complete PCI compliance on the site.
It is with the Mailchimp cookie from Mailchimp for WooCommerce Version 2.4.7. I was using the previous version when the test, which was run Saturday, failed:
…
Result
url: https://75.103.75.31/
Payload: N/A
matched: Date: Sat, 26 Sep 2020 00:12:06 GMT
Server: Apache
X-Redirect-By: WordPress
Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fciuspress.com%2F; expires=Sat, 24-Oct-2020 00:12:10 GMT; Max-Age=2419200; path=/
Location: https://ciuspress.com/
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
…
Is this something that I can change, or is this plugin-dependent?
How can I resolve?
Thanks
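As an added example (my own code, not part of the post and not from the Mailchimp plugin), the block below runs the same check the scanner applied over the response headers quoted in the post, and shows the transformation that fixes the finding: appending HttpOnly, Secure and SameSite to a Set-Cookie value that lacks them. The header lines are copied from the post; the status line was not shown there and is omitted.

```python
# Header lines as captured by the scanner in the post above (status line and body
# were not included in the post and are omitted here too).
CAPTURED_RESPONSE = """\
Date: Sat, 26 Sep 2020 00:12:06 GMT
Server: Apache
X-Redirect-By: WordPress
Set-Cookie: mailchimp_landing_site=https%3A%2F%2Fciuspress.com%2F; expires=Sat, 24-Oct-2020 00:12:10 GMT; Max-Age=2419200; path=/
Location: https://ciuspress.com/
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
"""

# Attributes a scanner typically expects on every cookie set over HTTPS.
REQUIRED = ("httponly", "secure", "samesite")


def parse_set_cookie(header_value: str):
    """Split 'name=value; attr=val; flag' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs


def audit_cookies(response_head: str):
    """Return [(cookie name, [missing attributes])] for every Set-Cookie header."""
    findings = []
    for line in response_head.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, _, attrs = parse_set_cookie(line.split(":", 1)[1])
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def harden_set_cookie(header_value: str, samesite: str = "Lax") -> str:
    """Append whatever is missing. This is the same edit the Apache mod_headers
    'Header edit Set-Cookie' recipe makes at the web server, but done in code
    so it can be tested."""
    out = header_value.rstrip().rstrip(";")
    _, _, attrs = parse_set_cookie(header_value)
    if "httponly" not in attrs:
        out += "; HttpOnly"
    if "secure" not in attrs:
        out += "; Secure"
    if "samesite" not in attrs:
        out += f"; SameSite={samesite}"
    return out


if __name__ == "__main__":
    for name, missing in audit_cookies(CAPTURED_RESPONSE):
        print(f"{name}: missing {', '.join(missing)}")
    print(harden_set_cookie("mailchimp_landing_site=x; path=/"))
```

Two practical notes. The cookie here is a landing-page tracking cookie, not a session cookie, so HttpOnly on it does not protect an admin session; the scanner flags every Set-Cookie regardless, so the finding still has to be cleared. If the plugin cannot be changed, the usual site-wide fix is a mod_headers rule of the form Header always edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure" in the Apache or .htaccess configuration; the always condition matters because the captured response is a redirect, and the default condition only applies to 2xx responses.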