PCI DSS compliant sites

Q: My client is asking whether his site will be PCI DSS compliant. Can you let me know whether or not this feature is embedded within the Jigoshop plugin?

A: The answer is not Jigoshop-specific; it applies to all carts in WP. It depends on how the client wishes to take the credit card information. There are 2 possible situations:

  1. The client plans on taking credit cards on his site via redirection to a payment gateway (such as PayPal).

  2. The client plans on taking credit cards on his site via a secure iframe (such as Authorize DPM/AIM).

In the second situation the answer is yes – if the site has an SSL certificate (non-shared).

Otherwise the answer is no. If you are doing it through the included PayPal gateway, then it is recommended that you have an SSL certificate. It's not required for PCI, because the credit card details are not taken on your site.

We recommend purchasing the SSL certificate from the hosting provider. Buying it elsewhere, like on an SSL company’s site, could be cheaper, but it is never worth the headache that comes with setting some of the certificates up manually.
When you buy from your host, you do not need an expensive SSL certificate, just the most basic private one they have. Your hosting account likely came with a shared SSL certificate; however, you need a private one. It should not be that expensive, though you will have to buy it on a 1 or 2 year contract. After you’ve got one, it's going to require a bit of work to set WP up to use it, so we recommend following a guide like http://www.wpbeginner.com/wp-tutorials/how-to-secure-your-wordpress….