Hi @pleazo ,
I was wondering how do I know if my site encrypts certain information (e.g. credit card numbers) and what kind of security am I using for this? Is there something already built in with woocommerce?
WooCommerce handles the security of a site on multiple levels. First, the details such as username, password, address etc. that the customer enters on your site gets passed to the server via POST – this ensures that your customer’s data is not exposed via the URL. If you need to encrypt this data, then we recommend using SSL Certificate (HTTPS) on your site. That would ensure all the data that customer enters are encrypted.
You can reach out to your web host to install and configure an SSL certificate on your site.
Apart from this, the credit card data handling is done directly by the payment gateway that you use on the site. If you use PayPal – then PayPal handles the security of the data, similarly, if you use Stripe, then Stripe handles the security of the card data.
Basically, Stripe, PayPal and other payment gateways embed the card data form on your site using a technology called iframe. This allows the payment gateways to basically generate and control the form on their own server while it still shows as an embed on your site.
You can find more details on WooCommerce card data security here: https://docs.woocommerce.com/document/woocommerce-security-faq/#section-4
I hope this helps!
dougaitken
(@dougaitken)
Automattic Happiness Engineer
Hi @pleazo
Your query is more related to general WordPress / domain usage than WooCommerce so for more advice please speak to your SSL provider or host.
We haven’t heard back from you in a while, so I’m going to mark this as resolved – if you have any further questions, you can start a new thread.
Thanks,
