I've just finished putting together my first website, running with WordPress, which is fully functioning on localhost. I'm looking for the final pieces to the puzzle to make things work well when it goes live. First and foremost I'm looking for hosting, but I've started to get concerned about security, especially for anyone that signs up to my site for posting comments and more besides ...
The site has a business element to it which I've put together using the Jigoshop plugin and a bit of tweaking. That means that anyone who registers has an account page that they can use to save their address details, but all payment details will be handled by PayPal. So I want to make sure these details are pretty safe, and that the site is watertight on the whole.
I don't know how this works. I'm guessing I need an SSL certificate or something like that, or are there other options? Can anyone tell me how transparent a simple vanilla WordPress setup is to the outside world, if it's particularly easy for someone with intent to browse through your SQL databases or whatever? And are WordPress passwords at least stored in some secure way? ( Although perhaps not transmitted in a secure way depending on the SSL status ... )
Thanks in advance for any help or pointers, maybe there are plenty of others out there who are just as interested in these points but have no technical knowledge about them.