Magento Forum

   
Will PCI Compatible hosting improve Magento Community Security? 
 
Eihab
Jr. Member
 
Total Posts:  1
Joined:  2009-12-09
 

Hello everyone,

I am now in the exciting stage where I think my business idea is worth doing an ecommerce shop for.
I have done research and considered my options, I have installed Magento locally and I am very impressed with its features and the way it interacts with the customer.

The issue I have, as perhaps most people do, is that I can’t afford to start with a licensed edition (i.e. Professional) and I have been looking into hosting solutions. There is an excellent hosting provider that I have used before that has Magento Community as part of the package; I am looking to get a semi-dedicated package that enables the site to be PCI compatible.

Magento's official site says that Magento Community is for development purposes. To be honest, in terms of functionality Magento Community exactly meets my business model, but I have concerns regarding security. If I am using Magento Community in a real ecommerce environment, will I be shooting myself in the leg and have serious risks in terms of security? Will PCI compatibility enhance Magento Community security?

I am now in two minds: in terms of functionality and features Magento does it for me, but for some reason I have some security fears. I am also considering other hosted solutions that are affordable, but in terms of functionality they are not as good as Magento in my view. Can you please let me know if my concerns are valid, or am I just worrying too much?

Your advice is greatly appreciated.
Eihab

 
 
J_T_
Moderator
 
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Whether or not your Magento installation, or your hosting for that matter, is PCI compatible is entirely dependent on the payment methods you offer.

PCI-DSS offers just some best practice standards. You can be compliant and still be insecure.

Many people run Magento Community Edition, ensure the entire installation including the appropriate payment methods is PCI compliant, turn over hundreds of thousands, if not over a million, and do just fine, without security problems.

Magento CE is not insecure. Your hosting may be, or the way you implement Magento may be insecure. PCI offers a nice checklist of things to bear in mind but is by no means authoritative.

Go with CE, get a trusted host, get a secure hosting package and then hire someone to put in great security features like comprehensive htaccess / mod_security rules (or use LiteSpeed server), fail2ban, iptables, a dedicated hardware firewall, logwatch etc. etc.

 
 
edmondscommerce
Guru
 
Total Posts:  342
Joined:  2008-08-26
 

good advice

definitely don’t assume PCI compliance means you don’t need to worry about security

 
 
Rhonda_Rondeau
Enthusiast
 
Total Posts:  924
Joined:  2010-08-03
Culver City
 

Blue Acorn has a really good article on PCI and Magento:

http://www.blueacorn.com/magento-blog/pci-compliance-for-magento/

 