About: hakata

Thanks for this. I will see what I can do. So, basically I would just need a very barebones copy of my wordpress installation on the secure subdomain with just the secure checkout pages and the script to update the main installation with the username, name, email, subscription type, etc. Is that right? Is there a way to use the Paypal IPN to handle some of this?

Just a quick update on my PCI compliance adventures. Hope this is helpful for others:

1) Hostgator has been extremely helpful with getting everything set up, addressing PCI compliance issues on the server, etc. This is the most cost-effective PCI hosting solution I have found so far. I’ll update if I experience problems in the future, but so far so good.

2) We tried Trust Guard as our scanning vendor, but it took over three days for them to start a scan. In fact, I canceled the service after 3 days, since the scan had not yet run. I was imagining a nightmare scenario where I would have to wait a week or more for every scan, which could translate into months if there were problems/false positives to address. After my issues with Trust Guard, I contacted Trustwave. I couldn’t find a free trial or a cancellation policy, so I contacted their support prior to purchase. Support seemed friendly but would not answer questions about cancellation/free trial. In the end, I tried McAfee, which I thought would be expensive. Turns out there is a 90-day free trial and the cost of just the PCI scanning service is actually quite reasonable. We are still in the trial, so I have not yet paid for the service. I will update if things change. So far, I have been able to run scans on demand. Scans start immediately. They can also be scheduled for future dates and times. Support is friendly and quick. So far, I am very happy with their service.

I know this is a complicated question. For now, could you confirm the following:

1) Does S2Member’s integration with Authorize.net utilize the Direct Post Method?
http://developer.authorize.net/api/howitworks/dpm/

If so, just switching the payment gateway seems to be the easiest (and cheapest) solution.

This is very helpful. I will try moving the files to the main directory and also contact the host. If/when I am able to resolve this, I will post back here.

Thanks so much for your help.

I’ve tested just about everything I can think of, and the only thing left is the host. I will try a new host and see if the problem goes away. Are you still interested in taking a look, or should I disable credentials? Have you had other problems with the login widget and Rackspace Cloud Sites?

Just sent credentials. Please let me know when you have finished so I can disable. Thanks.

Thanks for getting back to me. I ran the server scanner earlier today before I contacted support at my host. Everything looked ok except for this:

In order to run s2Member®, your installation of PHP needs one of the following…
• Either the cURL extension for remote communication via PHP (plus the OpenSSL extension for PHP).
• Or, set: allow_url_fopen = on in your php.ini file (and enable the OpenSSL extension for PHP).

The host confirmed that both cURL and allow_url_fopen were enabled.