E-store Security
Hosting
MyClinicShop.com/820 Direct e-stores are hosted on stand-alone HIPAA compliant servers housed in a secure datacenter.
Security enforced by Robard/Food Sciences Corporation on myclinicshop.com
- SSL certificate through Let's Encrypt
- Google Captcha v.3 for all logins and forms
- Regular updates of WP core, themes, and plugins
- Your data is protected by multiple software and hardware firewalls and switches for ultimate security
- We employ multiple backups to secure locations for disaster recovery options
- Only approved personnel have access to the e-store administrative dashboards.
- Wordfence Security plugin
- Limited login attempts
- Common hacker usernames blocked (admin, administrator, etc.)
- Unused usernames automatically blocked
- Throttling and blocking based on the number of hits in a prescribed period of time
- Firewall
- Official repository scan for file deviations in WP core, themes, and plugins
- Strong passwords enforced
Do I need to be PCI-DSS Compliant?
https://woocommerce.com/document/pci-dss-compliance-and-woocommerce/#section-2
If you store, process, or transmit cardholder data (as defined in the PCI Security Standards Council’s glossary), yes.
If, however, you are taking payments off-site by using a gateway that uses its own servers to take payments (Square, PayPal Payments, etc.) and you are not collecting, transmitting, or processing cardholder data, PCI-DSS is not applicable to you. (This applies to MyClinicShop.)