What Is PCI Compliance?

What Is PCI Compliance?

For any business that handles Credit Card data, in anyway, there is a set of rules and standards they must follow. These rules and regulations are called Payment Card Industry Data Security Standard. Or PCI-DSS for short, however this is often simplified to just ‘PCI Compliance’.

These standards were put in place by major Credit Card companies to ensure data security. These standardized rules greatly simplify securing credit card data as they allow businesses to track a single standard. In the past each credit card network had their own standard which made it hard for users to be compliant.

Who created PCI Compliance and why?

In the early 2000s there were numerous issues relating to Credit Card processing and security. At that time every network had their own set of rules and standards. Making it hard for businesses to comply, or even stay informed about the requirements. Often a business couldn’t follow the proper procedure simply due to confusion.

Around 2006 the major Credit Card networks, processors and providers began working to solve these issues. As a joint venture they formed the Payment Card Industry Security Standards Council. The original members of the council include Visa, MasterCard, American Express, Discover, and JCB. Under this new council the original PCI-DSS rules and documentation were created.

The new standards greatly simplified and improved security compliance for business owners. Rather than needing to understand every companies unique rules they had a single set.

The 12 steps to PCI Compliance

While at its core PCI Compliance is a very technical topic, it can be simplified to 12 points across 6 sections. Each section has their own defined objective and each point aims to achieve that objective.

Objective: Build and maintain a secure network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Objective: Protect cardholder data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Objective: Maintain a vulnerability management program

  1. Use and regularly update anti-virus software on all systems commonly affected by malware
  2. Develop and maintain secure systems and applications

Objective: Implement strong access control measures

  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Objective: Regularly monitor and test networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Objective: Maintain an information security policy

  1. Maintain a policy that addresses information security

Again, that’s quite a lot more to PCI Compliance than just the steps above. These are simply meant to be an overview to give you a better picture of what PCI compliance entails.

If you would like more information on PCI compliance at Liquid Web see our PCI Compliance product page. Or you can read about our data center’s compliance on our SSAE/SOC page.

Featured Video: Setup an SSL Site with Managed WordPress

There was once a time on the Internet where there were many valid reasons to avoid using an SSL all the time. For example, using an SSL sometimes meant your website isn’t indexed as thoroughly. Or maybe certain types of caching were broke.

It’s 2017 now though and those days are long since passed. Almost any reason to not use an SSL on your site has been changed or fixed. In this Knowledge Base article we feature a video provided by Chris Lema to show how quick you can setup an SSL on Managed WordPress.

 In just under 2 minutes Chris shows that you can login to your Managed WordPress, create a new WordPress site, and get the SSL certificate setup! Doing the same thing manually could take up to a few hours. There’s no doubt that Managed WordPress makes hosting your WordPress securely quick and simple.

To learn more, or signup, take a look on our Managed WordPress page.

Featured Video: Liquid Web Managed WordPress and PHP 7

There’s no doubt that PHP 7 is a lot faster and more efficient than PHP 5.x versions. The reason it’s provides better performance is because PHP 7.x underwent massive internal changes. With such massive changes something has to be too good to be true, right? No not really, but there is something you should know before updating to PHP 7.
 
In this Knowledge Base article we feature a video provided by Chris Lema. Chris shows how the Managed WordPress Platform makes upgrading to PHP 7 simple and quick!

 
Overall, almost every website and application will benefit running on PHP 7. Sounds good, but it’s not always that simple! With big changes comes some breaking changes, so not everyones code is ready for the update as is. That’s why our Managed WordPress product includes a compatibility checking feature to ensure your WordPress and plugins are fully compatible with PHP 7.X before updating!

To learn more, or signup, take a look on our Managed WordPress page.

Featured Video: Liquid Web Managed WordPress and Image Compression

The key to running a successful blog or website is having great content and making it easy for your users to find what they need. Part of providing great blog content usually involves using images and graphics to enhance your articles, posts and pages. Doing so will provide your readers with visual context and can help break up large blocks of text. Using lots of visual elements and images isn’t without its trade-off though.

The more HD photos you use, the more data a user has to download when reading your articles. This can mean longer load times for users, and higher disk and bandwidth usage for your server. That’s why you should always optimize your website’s images since long page loads can cost you views. In this featured video Chris Lema shows how our Managed WordPress improves this with a default plugin.

Website performance is a big deal and we know you care about keeping your site fast. The most common reason for a slow site is caused by uploading full size HD images. So to improve your WordPress sites performance we’re building our own image compression solution. Since building our own solution will take some time and we don’t want you to wait, so we’ve loaded the Compress JPEG & PNG Images plugin for you.

Normally optimizing the first set of images is free and you pay a small fee for images after that, but you wont! We’ve partnered directly with TInyPNG and Liquid Web will be covering that cost so you can use this solution until we complete our own.

To learn more, or signup, take a look on our Managed WordPress page.

Featured Video: Liquid Web Managed WordPress Visual Comparisons Feature

In this Knowledge Base article, we feature a video provided by Chris Lema to introduce the Managed WordPress Visual Comparison feature. If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

What if there was another way? A better way? Chris knows there is and we’re excited to show you what we’ve come up with.

Using our Managed WordPress Platforms Visual Comparison feature we can automatically test and update your plugins for you. This creates an internal only staging environment, updates the plugins one by one and compares the changes. The Visual Comparison feature will only update plugins that do not cause a visual difference on your live site.

When you review the Visual Comparison report for the site you will see the plugins we updated automatically and exactly why we didn’t update others. You can quickly determine the potential issues a plugin update will cause, allowing you to more easily take control of your WordPress site’s updates.

The best part is that with Visual Comparison enabled we will run the update checks and comparisons nightly to ensure all of your plugins stay up to date! It’s that simple, no more compromise between security and site stability.

To learn more, or signup, take a look on our Managed WordPress page.

Choosing Your Cloud Sites Technology Setup

Behind Cloud Sites, racks full of both Linux and Windows servers power over 100,000 sites and applications. Every Windows-based page is served from clusters built and optimized especially for Windows, and every Linux-based page is served from clusters built and optimized especially for Linux. We use advanced load balancing technologies to automatically detect the type of technology you are running and route each request to the proper pool of servers.

This is a great example of the power of cloud computing, since you no longer have to make a hosting choice between Linux and Windows. Both PHP and .NET are included, allowing you to choose the technology you need site by site.
Continue reading “Choosing Your Cloud Sites Technology Setup”

Best Editor for Web Development 2017

Best Web Development Tools of 2017: Editors/IDEs and Package Management

The worlds of web hosting and web development are in a constant state of evolution. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

In this article we will discuss and highlight a handful of tools that help make web development easy. Whether you work on Frontend, Backend, PHP, Javascript, or even Perl this list will have something helpful.

As a web hosting company we don’t often talk about the tools used to create the web. We’re usually ultra focused on the components that enable us to server and support you; things like: server hardware, Linux, Apache and etc.

We may not support development tools, but we do want to help our customers to build amazing stuff.
Continue reading “Best Editor for Web Development 2017”

Will my site be marked unsafe in Chrome 56+?

Lately there’s been a lot of speculation about Googles up-coming changes to how sites without an SSL are going to be treated. As January draws towards a close we have seen an increase in customers with concerns of how this will affect their site. Both in terms of people being able to see it and how it might affect their search ranking.

This article aims to clear up some of the confusion and to demystify the changes. If you are unfamiliar with how SSL/TLS or HTTPS works please take a look at our article on the subject.

If you aren’t interested in how these changes came about feel free to skip down to: How These Changes Affect Your Site
Continue reading “Will my site be marked unsafe in Chrome 56+?”

How does an SSL work?

httpVShttps

Every single day 100s of terabytes of data is being transferred across the internet. In fact, based on Intel’s 2012 report, nearly 640K Gb of data is transferred every single minute. That’s more than 204 million Emails, 47,000 app downloads, 1.3 million YouTube videos watched and 6 million Facebook views.

We’re talking about a seriously massive amount of data here. So how do we know if that data is being transferred securely? Enter the SSL/TLS protocols.
Continue reading “How does an SSL work?”