Great stuff here, Paul -- thanks. I agree on your points vis-a-vis WP security being screwed more by bad plugins than by core code (though there *was* a recent XSS bug that caused a fast dot release of WP, iirc). In my experience, you can solve quite a few potential vulnerabilities simply by disabling the theme editor and being judicious about what plugins you install. I'm not looking for an impregnable solution, b/c I know none exists. Was more looking for obvious red flags about particular solutions that came from people's specific experience.
In any case, I'm a LAMP/RoR developer and I know my way around well enough to be confident that I can depend on my own skills to help keep the baddies out, whichever solution I eventually choose. Security question was just to try to find out what things I should *obviously* steer clear of. Shopp looks like a pretty cool option -- many thanks to you and everyone else who rec'd it.

best,
-TR

On Aug 25, 2009, at 5:50 PM, Paul wrote:

> Trevor,
>
> You might want to Join/Search the Austin WordPress user's Google group
> (http://groups.google.com/group/wordpress-austin) for more information
> on eCommerce solutions. There was a recent thread about some
> solutions.
>
> As for your comment on security, might as well give up now I guess. I
> really don't think any system (WordPress, Drupal, Joomla, etc.) is
> more or less prone to hacking. There are many many variables to
> consider. Hosting provider, hosting environment (do we really expect
> $5/month shared server hosting to be secure?), what plugins or
> modules have you added to the site. Many times I've seen client
> WordPress sites running some 30+ plugins to do the dumbest things. The
> guys at Automattic are working to keep the core code secure. All it
> takes is some careless plugin writer to open a door for someone to
> access your backend.
>
> My personal preference is to go with something dedicated to eCommerce
> like Magento. Though if you are really wanting PCI PA-DSS
> (https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml)
> compliance, good luck. The open source version of Magento will never
> ever be certified. That is from the Magento guys directly. Should be aware
> this is going to be a requirement in 2010. Though not sure what this
> will mean to the small mom and pop shops. Guess they will just have to
> use Google Checkout or PayPal.
>
> Finally, to directly answer your question: on WordPress + eCommerce
> there are two major players out there. There is the old standby, WP
> e-Commerce http://wordpress.org/extend/plugins/wp-e-commerce/. Good
> plugin, used it many times. In the free version they offer some
> merchant options. There is a $25 add-on, Gold Cart, which provides
> connections to Auth.net. Things I don't like: it's klunky, and you
> have very little control over the output, which last time I used it was
> table-based. Second player in the market is fairly new, Shopp
> http://shopplugin.net/. This is a very nice plugin but is not free. And
> each merchant option is like $25 each. The good news: the output is
> entirely theme-based, they expose all the functions needed.
>
> Paul
>
> On Aug 25, 2009, at 4:24 PM, Trevor Rosen wrote:
>
>> Does anyone have advice on WordPress ecommerce plugins? I checked
>> through the archives of this list but couldn't find anything. I'm
>> curious what experiences people have had, especially with hardening
>> the app/server -- I've been on the wrong end of a WP hack before, and
>> it was pretty ugly. Would rather not have that happen when
>> people's $$ are involved... :-)
>>
>> thanks in advance for any info,
>>
>> -TR
