Luckily our friend Jason Coleman, the author of Paid Memberships Pro, has a super simple plugin to test for TLS1.2 support. How To Know If Your Server Supports TLS 1.2 Some hosts do not provide TLS 1.2 support or provide out-of-date versions of PHP. For example, we updated our payment processor for CalderaWP to make sure that it uses their new, more secure API URLs.īut, if you have a server that is not properly configured, updating your plugins might not be enough. Here at CalderaWP we’ve been working to stay ahead of changes to payment processors. If you have the latest version of your eCommerce plugin, and whatever payment gateways you are using, you should be fine, if your server is properly configured. This is a big challenge. For example, while the current version of our Stripe add-on for Caldera Forms is totally compatible with Stripe’s new and stricter security rules, older versions of our plugins are not. This is a challenge that WordPress eCommerce merchants and developers of WordPress eCommerce plugins and payment processors must be aware of. But also, if you don’t have a server that uses TLS 1.2 and have your payment processor configured to use it, you may soon no longer be able to process payments. The first is you really don’t want to be responsible for one of your customer’s credit card numbers getting stolen. There are two reasons you should be concerned about this issue if you sell anything online. Simply put, the new version of TLS, which is what puts the secure S in HTTPS, is designed for the security threats of today, the older versions are too out-of-date to use. They are susceptible to certain known vulnerabilities and their encryption algorithms are not as robust as they need to be to counter modern hackers. TLS 1.0 and TLS 1.1 are no longer considered secure. No encryption is unbreakable, but good encryption takes years, not minutes to break.īut, TLS, like all software evolves over time, and the earlier versions are not as good. Harder encryption means more guessing, more guessing means more computing power, and computing power equals money. The basic idea behind data encryption is to make it so hard for anyone else to decode the message that it’s just not worth it to do. In a nutshell, potential hackers try to get your sensitive data by trying to decode your message with tools that allow them to make thousands of guesses every second about your encryption strategy. With it, your sending a random set of characters across the internet, that only the computer that is supposed to receive it can decode. Without it, you’d be sending credit card numbers and other sensitive data in a way anyone can see. The S in HTTPS stands for “secure.” While this requires an SSL certificate, which is something you must have, SSL isn’t the technology that makes the exchange of information secure.įor the most part, TLS is the technology that encrypts messages sent via HTTPS. When a webserver talks with another computer - be it the browser of your customer, or another server, such as a payment processor - most of the time, it uses either HTTP or HTTPS. Many of the deadlines in place don’t require change until 2017, but I think you owe it to your customers to make sure your on top of security today, so I’d like to walk you through, in a way that is as non-technical as possible, what is changing, why, and how you can protect yourself moving forward. That’s great, but if you’re not careful, it could leave your eCommerce site unable to process payments. Right now, in order to protect their users and themselves, all of the companies that process payments online are improving their security. I don’t want to be alarmist, but I also use Orbot on my phone it encrypt and annonymize my mobile data usage. Today, security is a pretty big concern for me personally and for my users. But then I started developing websites and then tools for WordPress and had to learn. There was a time where I didn’t know much about online security, or what most of these acronyms that we read all the time in scary blog posts about security mean.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |