Trevor, I would share your [security] concern with your client... ultimately it's the client's decision to go with WP, but maybe they don't know better.
I'm a Magento fanboy, so feel free to contact me if you have questions on taming this beast.

Rob

On Tue, Aug 25, 2009 at 5:47 PM, Trevor Rosen <[email protected]> wrote:
>
> Great stuff here, Paul -- thanks.
>
> I agree on your points vis-a-vis WP security being screwed more by bad
> plugins than by core code (though there *was* a recent XSS bug that
> caused a fast dot release of WP, iirc). In my experience, you can
> solve quite a few potential vulnerabilities simply by disabling the
> theme editor and being judicious about what plugins you install. I'm
> not looking for an impregnable solution, b/c I know none exists. Was
> more looking for obvious red flags about particular solutions that
> came from people's specific experience.
>
> In any case, I'm a LAMP/RoR developer and I know my way around well
> enough to be confident that I can depend on my own skills to help keep
> the baddies out, whichever solution I eventually choose. Security
> question was just to try to find out what things I should *obviously*
> steer clear of.
>
> Shopp looks like a pretty cool option -- many thanks to you and
> everyone else who rec'd it.
>
> best,
>
> -TR
>
> On Aug 25, 2009, at 5:50 PM, Paul wrote:
>
>> Trevor,
>>
>> You might want to Join/Search the Austin WordPress user's google group
>> (http://groups.google.com/group/wordpress-austin) for more information
>> on eCommerce solutions. There was a recent thread about some
>> solutions.
>>
>> As for your comment on security, might as well give up now I guess. I
>> really don't think any system (WordPress, Drupal, Joomla, etc.) is
>> more or less prone to hacking. There are many many variables to
>> consider. Hosting provider, Hosting environment (Do we really expect
>> $5/month shared server hosting to be secure?), what plugins or
>> modules have you added to the site. Many times I've seen client
>> WordPress sites running some 30+ plugins to do the dumbest things. The
>> guys at Automattic are working to keep the core code secure. All it
>> takes is some careless plugin writer to open a door for someone to
>> access your backend.
>>
>> My personal preference is to go with something dedicated to eCommerce
>> like Magento. Though if you are really wanting PCI PA-DSS
>> (https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml)
>> compliance, good luck. The open source version of Magento will never
>> ever be certified. That is from Magento guys directly. Should be aware
>> this is going to be a requirement in 2010. Though not sure what this
>> will mean to the small mom and pop shops. Guess they will just have to
>> use Google Checkout or PayPal.
>>
>> Finally, to directly answer your question: on WordPress + eCommerce
>> there are two major players out there. There is the old standby WP
>> e-Commerce http://wordpress.org/extend/plugins/wp-e-commerce/. Good
>> plugin, used it many times. In the free version they offer some
>> merchant options. There is a $25 add-on, Gold Cart, which provides
>> connections to Auth.net. Things I don't like: it's clunky, and you
>> have very little control over the output, which last time I used it was
>> table-based. Second player in the market is fairly new, Shopp
>> http://shopplugin.net/. This is a very nice plugin but is not free.
>> And each merchant option is like $25 each. The good news: the output
>> is entirely theme-based; they expose all the functions needed.
>>
>> Paul
>>
>> On Aug 25, 2009, at 4:24 PM, Trevor Rosen wrote:
>>
>>> Does anyone have advice on WordPress ecommerce plugins? I checked
>>> through the archives of this list but couldn't find anything. I'm
>>> curious what experiences people have had, especially with hardening
>>> the app/server -- I've been on the wrong end of a WP hack before, and
>>> it was pretty ugly. Would rather not have that happen when
>>> people's $$ are involved... :-)
>>>
>>> thanks in advance for any info,
>>>
>>> -TR
