E-store Security

Hosting

MyClinicShop.com/820 Direct e-stores are hosted on stand-alone HIPAA compliant servers housed in a secure datacenter.

Security enforced by Robard/Food Sciences Corporation on myclinicshop.com

  • SSL certificate through Let's Encrypt
  • Google reCAPTCHA v3 on all login pages and forms
  • Regular updates of WP core, themes, and plugins
  • MyClinicShop.com/820 Direct e-stores are hosted on stand-alone HIPAA compliant servers housed in a secure datacenter
  • Your data is protected by multiple software and hardware firewalls and switches for ultimate security
  • We employ multiple backups to secure locations for disaster recovery options
  • Only approved personnel have access to the e-store administrative dashboards.
  • Wordfence Security plugin
    • Limited login attempts
    • Common hacker usernames blocked (admin, administrator, etc.)
    • Unused usernames automatically blocked
    • Throttling and blocking based on the number of hits in a prescribed period of time
    • Firewall
    • Official repository scan for file deviations in WP core, themes, and plugins
    • Strong passwords enforced

 

Do I need to be PCI-DSS Compliant?

https://woocommerce.com/document/pci-dss-compliance-and-woocommerce/#section-2

If you store, process, or transmit cardholder data (as defined in the PCI Security Standards Council’s glossary), yes.

If, however, you are taking payments off-site by using a gateway that uses its own servers to take payments (Square, PayPal Payments, etc.) and you are not collecting, transmitting, or processing cardholder data, PCI-DSS is not applicable to you. ← MyClinicShop