Posted: December 20, 2013 at 1:22 pm
Hi, I have two pretty general security questions:
1. I notice that links for event tickets, account details, and invoices are sent to the attendee via email, and that these links do not require any login to access, i.e. they are publicly available. Given that the invoice includes sensitive information such as attendee name, email, and the particular event they wish to attend, is this a security risk? I assume these are temporary links that aren’t indexed, but I just wanted to check the security implications.
2. If my client processes all payments through third-party sites, would you still recommend forcing an SSL connection for the Registration Page & Shopping Cart (i.e. is it advisable that she purchase an SSL certificate for these pages), or would that be overkill?
I really appreciate your help in this matter!
Hi Angela, How are you today? 1) Those links are not indexed and generally very unique.
Hi Garth, and thanks for that information; just wanted to be sure. The payments will be processed off-site, so that’s not an issue. However, do you find that there is any kind of issue with spamming on the registration page? Would you advise adding reCaptcha or similar? Thanks again, and Merry Christmas!
Hi, Some users get more spam than others. The reCAPTCHA system is available (General Settings) and will help reduce bot spam, but for the increasingly common human spam there is little defence. If you are suffering from spam registrations then try reCAPTCHA and see if it helps. If it doesn’t help, you could try something like http://wordpress.org/plugins/better-wp-security/ or even start blocking IP addresses (in blocks if necessary).
Hi Dean – thanks for that; much appreciated!
The support post ‘Security Questions’ is closed to new replies.