New Site: Lizzie Lane – Hand Selected Beautiful Jewellery and Gifts

Today I completed work on another customer’s site: Lizzie Lane – Hand Selected Beautiful Jewellery and Gifts.

My tasks were to develop some custom templates for it’s Thesis based theme, many Shopp modifications including fixing an XSS issue in Shopp, making Shopp work with SSL (something it does not do out of the box), some CSS work and various other Shopp modifications.

 

WordPress/Shopp Shipping Calculator/Options Access-Control-Allow-Origin Error

I’ve recently been debugging a customer’s WordPress/Shopp store. When the customer set the Cart & Checkout to be served over SSL  the shipping calculator failed.

Serving Cart / Checkout / My Account pages over SSL is not built into Shopp for some reason. I have a post on this –  SSL/HTTPS for Shopp pages or checkout process only. If you use a shipping calculator, or offer different shipping methods this will fail. Continue reading “WordPress/Shopp Shipping Calculator/Options Access-Control-Allow-Origin Error”

SSL/HTTPS for Shopp pages or checkout process only

Shopp currently doesn’t redirect you to any SSL/HTTPS pages during any part of the checkout process. Technically, if you are using a 3rd party payment provider, it doesn’t need to, but I’d like customers name/address data to be encrypted and secure.

So we need to force SSL on specific pages. Continue reading “SSL/HTTPS for Shopp pages or checkout process only”

Not your usual WordPress IO Error

Today I noticed I was getting the dreaded WordPress IO Error when uploading media. I’ve fixed this before, for me and other clients but this wasn’t the usual error.

Not  file permissions, not an anally retentive PHP install, not user error. Besides, media uploads worked via the HTTP uploader, just not the Flash uploader. Continue reading “Not your usual WordPress IO Error”

PCI Compliance – Disable SSLv2 and Weak Ciphers

Section 4.1 of the the Payment Card Industry Data Security Standard (PCI-DSS) v1.2, merchants handling credit card data are required to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.” Continue reading “PCI Compliance – Disable SSLv2 and Weak Ciphers”