Wp Ecommerce and PayPal Advanced

I’m pretty sure that the standard Paypal gateway allows people to pay by credit card on Paypal’s servers without handling any c/c info your server.

As for getting wordpress to be PCI compliant – I would not even start. I will *never* knowingly enter my card details into a wordpress site, and I can’t be the only one.

PCI Compliance is not hard, but there are a few details you need to take care of to get there.

A big advantage you have with WordPress sites is that WordPress and the plugins are almost always open source making a code survey/review very straight forward.

Several of the payment gateways include in their fees a subscription to a third party PCI compliance service. They should provide the documents you need and the checklist of what you need to do to be PCI compliant. It is likely the case that your credit card processing will not be enabled until you complete the checklist.

When we create a site with WP-eCommerce, we typically allocate half a day of one person to do everything that is required to configure the gateway and PCI compliance checklist.

Thanks for replying.

Re. PP Standard. It’s really meant for very few products and yes it is easy to accept credit cards this way without being a member…but you would not want to generate a unique button for each of 80 or 800 or 8000 products. PP Standard is really meant a few products.

I have had many problems getting a Blue Host server to be PCI compliant in the past, thus my desire for processing payments on a remote sever.

This wraps me back to the Topic at hard. To reiterate: is there a plugin that will enable me to process payments with PayPal Advanced when using WP E-commerce?

Y/N?

@david: PP standard works just fine on this site:
https://innovateelectricalsupplies.co.uk/
He has something like 2,500 products on site and his sales are healthy.

You’ll see that he alsp has a non-PP option – this is a good idea. Some people much prefer using Paypal, while others hate it (or still think that you need to have a Paypal account in order to use it).

@jeff: it is my strong impression that the difficulty of achieving PCI compliance depends on where you are. Here in the UK it is perceived as quite difficult and something for “the big boys” – airlines, ticket agencies, and so on. I’ve discussed it many times with fellow UK developers and we are unanimous in our advice to customers – unless you have a large monthly budget in place to handle ongoing security audits, let somebody else deal with handling credit card numbers.

Secondly, the fact that wordpress plugins are GPL and hence open source doesn’t stop many of them being very poorly coded and a constant source of exploits:
e.g. https://wptavern.com/wordpress-security-alert-new-zero-day-vulnerability-discovered-in-timthumb-script

As I said, I will *never* knowingly enter my card details into a wordpress site, and I don’t understand how anybody thinks it’s a good idea to let a wordpress site handle credit card details, even transiently. Even if you, as a responsible developer, have personally scoured every single line of code at the time of installation, there’s nothing to stop the site owner deciding that the front page needs a new image widget or something that happens to use an old version of tim thumb – as above.